According to the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF), “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations”.
Also, the Association of Chartered Certified Accountants (ACCA) defines Internal Auditing as “a department within the company which oversees internal control systems and ensures that procedures are in place to ensure good corporate governance.”
Other authors or audit firms have defined this term in several other ways. Internal auditing covers several departments, such as construction activities, information systems, and financial audits, among other special areas involving internal auditing operations.
Internal audits focus on measuring current performance and finding areas for improvement. They comply with the policies of the regulatory bodies supervising their operations.
Sir Adrian Cadbury (1992) states, “Corporate governance is the way organizations/corporations are directed, governed and controlled”.
Corporate governance involves carrying out the corporation’s activities to meet the stakeholders’ desires. These activities are mainly the responsibility of the board of directors and the concerned committees for the company’s stakeholders’ benefit.
READ RELATED: Documents Were Stolen! CAG’s Audit Report 2023 Unveils Inefficiencies in REA Projects, 20% of Villages Were Not Included
Corporate governance aims to balance individuals’ and societal goals and economic and social goals. Internal auditing is integral to corporate governance in areas such as internal control systems. Internal Auditing plays an important role in the corporate governance, as shown below:
Ensure corporate ethics and accountability. According to Kenzer, “A survey done by management with one of the audit firms illustrates several reasons why ethics needs to be considered in working life, such as more than 2 out of 3 employees say lies to their boss, less than half consider the people at the top to be strong ethical role models and others.”
Good ethics and accountability in corporate governance can yield many benefits. Many ethical codes have been developed to suit various organizations.
These codes cover conduct, gifts, objectivity, honesty, and more. Internal auditors can help promote an ethical culture within the organization by reviewing ethics and compliance policies and procedures.
They can also investigate allegations of misconduct and recommend appropriate corrective actions.
Adrian Cadbury says, “These codes aim to assist those working in a company in knowing what standards of conduct are expected of them and the kind of problems they may encounter in the course of their duties.” Such codes include the civil service code and the Nolan principles, among others.
Providing independent oversight and assurance to the stakeholders, especially on risk issues and the effectiveness of internal control systems.
Internal auditors provide a general report that keeps the board informed of the progress of their objectives, the assessment of risks, the effectiveness of internal controls, the governance process, or any other related issues that may threaten the achievement of the objectives.
Internal audit is supposed to provide reasonable and unbiased advice and assurance regarding the effectiveness of such issues, improve corporate governance performance, and help stakeholders maintain confidence in the organization’s financial reporting and overall operations.
Internal auditors assess better internal control systems, generally policies and procedures designed to safeguard assets, ensure financial reporting, and help people easily navigate risky environments.
This can help identify fraud activities in the firm easily. Ensuring compliance with laws and regulations: Internal auditors are responsible for ensuring that the corporation’s general activities align with the laws and regulations set by higher bodies.
ALSO, READ Corporate Rigidity to Creative Freedom: My Experience Across Both Worlds
This helps to mitigate legal and regulatory risks and helps to maintain the corporation’s license to continue operating.
This can be effectively done through conducting compliance audits, which involve reviewing corporate procedures to determine whether they follow specific regulations set out by higher authorities.
According to Kerzner. H, “Risk management refers to the process of identifying, quantifying, and responding to the project’s risks without any material impact on the project’s objectives.”
Risk is an integral part of many organizations, and having good internal auditors with the expertise to manage risks effectively is paramount for their success.
Sarens Bestuur points out that ‘the internal auditing role in monitoring and improving risk management has turned out to be an important contribution to corporate governance.” Internal audit plays the following roles in risk management:
Identifying and assessing risks that are most likely to obstruct the organization’s achievement of its objectives; internal auditors play a role in identifying possible risks, how they have been identified, such as through historical data, and engaging with stakeholders on how the risks will be valued and managed.
Firstly, possible risks must be identified to understand their root causes, nature, and interdependence. The auditor and the client do this. The next stage is assessing the significance of the identified risks.
As seen, the Enterprise Resource Planning (ERP) systems nowadays used by internal auditors have introduced some tools that help manage and assess risk.
These tools help manage human resources, ensure regulatory compliance, and enhance project management and monitoring.
Internal auditors also help easily identify the possible probability of risk occurrence and then prioritize mitigating the risks with a high likelihood of occurrence and effects.
Assessing the controls: Internal auditors help review the entire risk management process, and outputs should be reviewed continuously to determine whether the strategies used to manage the risks were effective.
Also, internal auditors should be aware of any discrepancies made so as to improve performance next time. They should initiate mitigation strategies, such as fraud detection mechanisms that provide early warnings, to enable companies to navigate such uncertain environments confidently.
Sarens and De Belde stress that “Top managers expect internal auditors to assist them in formalizing risk management systems and gaining a reasonable level of awareness of risks and controls.”
Internal auditors help align risk management strategies with a firm’s goals by ensuring congruence between corporate goals and risk management strategies.
They work closely with management to identify strategic risks that may impact achieving the firm’s goals and objectives. By doing so, they make the risk management process easier and provide insights into potential opportunities and threats.
They also ensure that risk issues are critically discussed in board meetings, ensuring effective decisions.
Internal audits play a crucial role in risk management and corporate governance, but they sometimes face limitations that need to be addressed.
They need to cover a limited scope, be biased and lacking independence, and face resource constraints, especially in terms of expertise, which may, in one way or another, affect the true and fair view of the reports and statements being prepared by them.