CHAPTER 3

INTERNAL AUDITING
AND CORPORATE
 LEARNING OBJECTIVES
To be able to: -
Define corporate governance (CG)
Explain the characteristics of good and poor CG
Explain the role of internal auditing as part of internal control
Explain the role of internal auditing as an aid to management
Explain the relationship of internal auditing and the audit committee
(AC)
Explain the relationship of internal auditing and board of directors
(BOD)
 LEARNING OBJECTIVES
To be able to: -
Explain the role of internal auditing in risk management (RM)
Explain the regulations and guidelines affecting internal auditing
 DEFINITION OF
CORPORATE GOVERNANCE
Extracted from the Report on CG, 1999

“… the process and structure used to direct and manage the

business and affairs of the company towards enhancing
business prosperity and corporate accountability with the
ultimate objective of realizing long term shareholder value,
whilst taking into account the interests of other
stakeholders.”
CHARACTERISTICS OF GOOD
CORPORATE GOVERNANCE
... Begins with good management structure and clear lines of
authority and responsibility

Important elements of good CG: -

i. An effective BOD
- set strategic direction and plan
- a balance of executive and non-executive
directors
 CHARACTERISTICS OF GOOD
CORPORATE GOVERNANCE
ii. Good management structure and clear line of
responsibilities
- clear delegation from board to the management through management
structure, policies and procedures

iii. Comprehensive policies and procedures

- comprehensive and adequate policies and procedures to govern
operation

iv. Independent supervision by an AC

- setting up independent supervisory bodies
CHARACTERISTICS OF POOR
CORPORATE GOVERNANCE
Instances of poor CG: -
i. Ineffective BOD
ii. Ineffective AC
iii. Excessive remuneration
iv. Unreliable annual and audited report

Impact of poor CG: -

i. Poor financial reporting

ii. Unreliable financial information
iii. Inaccurate decision making
 INTERNAL AUDITING
AS PART OF INTERNAL
CONTROL
The purpose of internal control process are to: -

- Ensure financial and operational information are reliable and possess integrity
- Ensure operations are performed efficiently and achieve effective results
- Safeguard assets
- Ensure actions and decisions of the organization are in compliance with laws,
regulations and contracts
- Support people within the organization in the management of risk and achievement of
the organizational objectives
 INTERNAL AUDITING
AS PART OF INTERNAL
CONTROL
Internal auditing is designed to add value and improve an
organization’s operations.

Its functions include:

- Examining, evaluating and monitoring the adequacy and

effectiveness of the accounting and internal control
system.
 INTERNAL AUDITING
AS PART OF INTERNAL
CONTROL
Its responsibilities toward internal control system are:

- Review the internal control system

- Make recommendations for improvement
- Highlight major weaknesses in internal control system
- Detect errors, abuse and fraudulent.
 INTERNAL AUDITING
AS AN AID TO
MANAGEMENT
Internal auditing provides consulting services to management
as part of the multiple internal auditing services .

IA can assist the management by:

- Monitoring activities of top management

- Identifying and minimizing risks
- Validating reports to senior management
- Providing information for decision making process
 INTERNAL AUDITING
AS AN AID TO
MANAGEMENT
- Reviewing for the present, future and past situations
- Helping managers to manage by pointing to violation of
procedures and management principles
 INTERNAL AUDITING
AND THE AUDIT
COMMITTEE
AC
- consist of outside members of the Board
- serves as an intermediary between the auditor and management
- responsible for evaluating the financial reporting and auditing process
An effective AC should:
- maintain independence
- combine a balance of skills
- provide list of specific duties and responsibilities
- plan the year's agenda
- document the AC’s work
 INTERNAL AUDITING
AND THE AUDIT
COMMITTEE
Responsibilities of AC
- assists the BOD in carrying out their responsibilities relating
to the organization's accounting policies, internal control
and financial reporting practices
- establish and maintain lines of communication between the
BOD and the external auditors and internal auditors
 INTERNAL AUDITING
AND THE AUDIT
COMMITTEE
Specific area of AC responsibilities:
i. Financial reporting
- Full disclosures : results of operations/future plan / commitment
- Recommend external auditor

ii. Corporate governance

- Firm comply to law and regulations

iii. Corporate control

- Implement internal control system
 INTERNAL AUDITING
AND THE AUDIT
COMMITTEE
IA can assist the AC by:

- Reporting significant issues regarding the improvement

process or activities
- Providing information on the coordination with other
control and monitoring functions
- Providing recommendations on non-conformity issues
- Assisting AC in the fraudulent investigations
- Proposing AC to consult the external auditors if required
 INTERNAL AUDITING
AND THE BOARD OF
DIRECTORS
IA can assist the BOD by:

- Ensuring that the visions, missions and objectives of the organization are properly
communicated to all the functional departments.
- Providing relevant information in preparing strategic planning
- Monitoring the implementation of the strategic planning
 INTERNAL AUDITING
AND THE BOARD OF
DIRECTORS
- Providing independent information on the effectiveness
of the management or organization’s operation.

- Helping in reviewing the composition of the BOD

regarding the executive, non executive, independent
persons and this should comply with the policies.
 INTERNAL AUDITING
AND RISK MANAGEMENT
IA has a key role in risk management.

IA need to assist the management and AC in RM process by:

- Examining, evaluating, reporting and recommending
improvement on the adequacy and effectiveness of RM
process
- Develop methodologies and control measures
- Develop assessment and document reports on the
organization’s RM process
 INTERNAL AUDITING
AND RISK MANAGEMENT
- Educate and provide information on the importance of
RM strategy to the organizational members

If the management does not establish a risk management

process, IA should suggest for it.
 REGULATIONS &
GUIDELINES AFFECTING
INTERNAL AUDITING
Stated in the Malaysian Code on Corporate Governance –
introduce by MICG

The Code emphasis on the 3 relevant sections, namely

i. The Principles of Provision (DII, Part 1)

The board should maintain a sound system of internal control
to safeguard shareholders’ investment and the company’s
assets.
 REGULATIONS &
GUIDELINES AFFECTING
INTERNAL AUDITING
ii. The Best Practices Provision (BB VII, Part 2)

The board should establish an internal audit function

and identify a head of internal audit who reports
directly to the audit committee.

The head of internal audit will be responsible for the

regular review and/or appraisal of the effectiveness of
the risk management, internal control, and governance
processes within the company.
 REGULATIONS &
GUIDELINES AFFECTING
INTERNAL AUDITING
iii. The Best Practices Provision (BB VIII, Part 2)

The internal audit function should be independent of the activities they

audit and should be performed with impartiality, proficiency and due
professional care. The board or the audit committee should determine
the remit of the internal audit function.

Due to revamped listing requirements in 2001 – listed firms have to

disclosed Statement on Corporate Governance and Internal Control
Statement