INTERNAL AUDIT’S ROLE IN STRENGTHENING CORPORATE GOVERNANCE

By CPA Mbuthia Michael Mwangi, MBA

Head of Audit at Acorn Holdings Limited. Member IIA (K) Research and Publications Committee

Corporate governance is a combination of processes and structures instituted by the board to inform, direct, manage, and monitor the activities of an organization toward the achievement of its objectives. Governance determines how an organization makes decisions and follows rules.

Corporate governance facilitates the setting of organizational purpose, strategic goals and objectives and setting of the performance metrics by which performance is measured on and communicated. Some of the key attributes to good governance are integrity, transparency, accountability, responsiveness, effectiveness, efficiency, risk management, rule of law and strategic vision.

Through sound corporate governance organizations seek to create processes that ensure fairness, transparency, and manage wastage and risk exposure with the aim of building long-term growth and stakeholder trust and confidence.

According to the Global Internal Audit standards (GIAS) “internal auditing strengthens the organization’s ability to create, protect, and sustain value and enables an organization to achieve its objectives by providing a disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.”

Internal audit is best equipped to strengthen corporate governance if it is independent, innovative, agile and has competent staff with deep appreciation of strong governance, an in-depth understanding of business systems and processes, and are driven to help the organization succeed.

To play this essential role the internal audit function requires adequate stakeholder understanding and strong support from both the board and management.

Internal audit can strengthen corporate governance by.

1. Evaluating the governance structure to ensure that the organization has a clearly defined structure with clearly demarcated roles of the board and management, adequate internal controls and risk management protocols and regular periodic governance auditing.
2. Evaluating the diversity in the composition of the board to strike a balance which boosts inclusion and diversity of perspectives.
3. Evaluating for the presence of key board structures such as up-to-date succession plan for the board and key management personnel, existence of a board nomination/ recruitment committee with a clear recruitment plan to fill the skill gaps in the board with emphasis on diversity, inclusion, expertise, and professional competence.
4. Providing foresight on whether regular and timely board training and development is conducted to equip the members with emerging corporate governance trends and best practices.
5. Supporting decision-making and oversight by reviewing the reporting structures within the organization to ensure all key activities have clear reporting lines and confirming existence of key committees such as the executive management committee, management tender committee, credit committee where necessary.
6. Reviewing for transparency by checking for open communication channels with key stakeholders and effective proactive information sharing.
7. Promoting ethical behavior and integrity in the organization by confirming existence of an effective code of conduct for the board and the staff.
8. Providing insights over the strategic management of the organization by checking whether management activities are geared towards a shared vision as per the set strategic goals, alignment of strategic objectives to the goals, cascading of the strategic objectives and regular strategy realignment.
9. Enabling successful achievement of organizational objectives by reviewing whether a performance management system is in place and to establish its reliability, accuracy and transparency.
10. Providing assurance on existence and regular review of key policies covering areas such as conflict of interest, anti-bribery and anti-corruption, whistleblowing, enterprise risk management, dividend payment, operations, IT governance, related party transactions, sustainability and environmental, social and governance (ESG) etc.
11. Providing assurance whether the policies incorporate the corporate strategy, risk management, accountability, transparency, and ethical practices.
12. Promoting compliance to the rule of law by ascertaining existence of a compliance policy, compliance management staff and a clear reporting line of compliance matters to the board and management.
13. Providing the board and management with assurance over the enterprise risk management processes and offering foresight on evolving risks such as disruptive changes in technology, geopolitics, climate change, cybersecurity e.tc.

In Conclusion

Internal audit functions face a major challenge in their role to strengthen governance due to lack of capacity caused by insufficient staff skills, certifications, ethical foundation and inadequate support from the board and management.

To overcome this challenge the function may build its capacity or rely on the work of a governance audit expert.

By conducting risk-based audits that provide assurance, insight and foresight on the various governance processes and structures internal audit plays a vital role to strengthen corporate governance.

Internal audit recommends changes to the organization and follows up on their implementation ensuring that the four Ps of corporate governance are effective in an organization i.e.

1. Purpose. The purpose of the organization has been clearly defined and is used to guide the operations of the organization.
2. People. The organization has put the right people in place.
3. Process. The processes in the organization are effective.
4. Performance. Performance is measured against set strategic objectives.