5 August INTERNAL AUDIT REQUIRE GREATER REPRESENTATION ON THE BOARD (2019-08-05) August 5, 2019 Board of Directors, Combined Assurance, Corporate Governance Framework®, General, Governance Framework, Internal Audit, Praefectus™, Risk corporate governance codes, Chief Audit Executive, Corporate Governance Framework®, combined assurance A plethora of corporate governance codes has been written across the world, and in spite of their recommendations which inter alia seek to protect stakeholder interests and shareholder value, many governance failures and organisational collapses continue seemingly unabated. To use the Eskom debacle in South Africa as a recent example; notwithstanding their public claims of being compliant with numerous legislation -- including the provisions of the King Code for Corporate Governance for South Africa, 2016 (‘King IV™’) -- it is alarming that this organisation is ostensibly at polar opposite sides to good governance. Despite scooping a number of awards for their annual integrated reporting in 2015, the on-going revelations of poor governance at the organisation appear to indicate that the information disclosed in their annual report was either misleading, inaccurate or incomplete. It has become clear that the integrity of the organisation’s external reporting cannot be relied on by stakeholders. In the absence of accountability, this situation is unlikely to improve. Poor management controls and incomplete information It is disturbing to note that many directors (in both the public and private sector) complain that they are not adequately inducted to the affairs of the company, nor are they being provided with sufficient, timely, relevant and / or reliable information to make proper and informed decisions on behalf of the organisation. This implies that the board may in fact simply be relying and acting upon the boardroom discussions being led by the executive directors, supported by the board pack information. Expectedly, with differing or competing agendas, conducting the business of the organisation in this fashion will inevitably lead to disaster. This dire situation is compounded if there is an overly dominant and controlling Chief Executive Officer (‘CEO’) who only offers certain or guarded information to the board in order to protect themselves from the likely consequences of their actions and poor leadership. Added to this reckless behavior, the CEO in these cases is likely to also have instructed key employees on the extent to which they may divulge and or share sensitive information as a mechanism to safeguard the CEO’s own misdemeanours. The Corporate Governance Framework® contributes to the organisation’s combined assurance principles Expectedly, in the event that these employees were to be invited to the board meeting, the threat of over-sharing sensitive operational information will have been limited by the CEO’s veiled threats, however these may have been cast. The overall result of this sort of behavior will result in the board only having limited, or worse, incorrect information. Ultimately, through this sort of modus operandi, any decisions taken by the board on behalf of the organisation will be fatally flawed. One must not blindly assume that all directors fundamentally know what information must be called for to make proper risk judgements and informed decisions, and what aspects of such information may be relevant or not. Indeed, many non-executive directors may not actually know what they don’t know, and therefore they will not necessarily call for more information if same was missing in the first place. Clearly, this situation is exacerbated where the non-executive director occupies multiple board positions across different organisations. Proper oversight is key to good governance One of the primary reasons for introducing a Chief Audit Executive (‘CAE’) to the organisation’s key leadership structures, was to ensure a better way of balancing the power and command at board level, including a more objective manner of reporting various risks to the board. The CAE has an administrative reporting line to the CEO, but reports functionally to the Audit Committee. The CAE together with their internal and external audit providers acts as “the eyes and ears” of the board. In order to do justice to their function, it is imperative that they have a complete and independent overview of the entire organisation such that they are able to provide assurance over the organisation’s risk management, governance and internal control processes. To achieve this objective it is therefore critical to ensure that the scope of the organisation’s audit arrangements is not limited to merely ‘tick-boxing’ certain mundane items that have been ring-fenced by the CEO or which continue to appear on the audit plan year after year. Comprehensive governance, risk and compliance assessments should be performed annually and should be used to inform the internal and external audit plans. Understanding the GRC issues is key to risk mitigation With the introduction of the Corporate Governance Framework®, organisations and their boards -- including key stakeholders -- are assured that the governance, risk and compliance (‘GRC’) position of all the areas of the business are being subjected to regular assessments. The credibility of these assessments is strengthened when the evidence underpinning the framework is corroborated by internal audit or independent assurance providers. The framework contributes to the organisation’s combined assurance principles and allows the board to draw comfort by knowing that there is agreement on which areas of the business are being well governed and which need to be prioritized for further intervention and oversight. The levels of combined assurance must be reported upon within the organisation’s annual reporting. In other words, stakeholders need to know that there are sufficient, effective and efficient controls that defend the organisation against numerous known risks, and these assurances must be provided by inter alia; the executive and non-executive directors, the board and management, the internal and external auditors, as well as the organisation and its regulators. Anything short of a combined assurance approach is no longer acceptable, and professional bodies such as IRBA (the Independent Regulatory Board for Auditors) and IIA SA (the Institute of Internal Auditors South Africa) play a critical role in ensuring that their members adhere to and report on the implementation of combined assurance principles within their clients. With a Corporate Governance Framework® in place, all the vested parties will have access to the necessary and relevant GRC information, and the board in particular, will have the benefit of knowing that the auditors have fulfilled a broader and greater value-added purpose which will go a long way to providing greater levels of assurance to the organisation’s stakeholders. ENDS Words:1,062 For further information contact: CGF Research Institute (Pty) Ltd Terrance M. Booysen (Chief Executive Officer) Tel: +27 (0)11 476 8264 | Cell: +27 (0)82 373 2249 E-mail: firstname.lastname@example.org Web: www.cgfresearch.co.za CGF Research Institute (Pty) Ltd Jené Palmer CA(SA) (Lead Independent Consultant) Tel: +27 (0)11 476 8264 | Cell: +27 (0)82 903 6757 E-mail: email@example.com Web: www.cgfresearch.co.za Follow CGF on Twitter: @CGFResearch Click below to read more... Attached Files 20190805-Internal-Audit-require-greater-representation-on-the-board.pdf 236.29 KB Related Articles BOARDS THAT CREATE VALUE: CORPORATE GOVERNANCE FRAMEWORK® By Jene’ Palmer and reviewed by Terrance M. Booysen It has been painful to watch the likes of Lance Armstrong, Mike Tyson and Hansie Cronje sabotage their futures through poor decision-making. Similarly, many organisations and their boards have failed to demonstrate strong and responsible leadership qualities to motivate and drive their organisations to success. Awareness, decisiveness and accountability are some of the business leadership qualities required to achieve remarkable performances. The ‘buck’ stops with the board of directors and it is the board of directors who are ultimately held accountable for the success of the organisation. However, with the business landscape changing at an accelerating rate, risk management and decisive decision-making are becoming more challenging and business failures more prominent. A recent Harvard Business Review reports the failure rate for mergers and acquisitions to be between 70% and 90%. According to the United States Small Business Administration, only 44% of new businesses are still in existence after four years. Against this backdrop, how does a board create a sustainable organisation in what are clearly turbulent times? TANGIBLE BENEFITS OF A CORPORATE GOVERNANCE FRAMEWORK® Article by Jene’ Palmer Forward-thinking organisations have realised that corporate governance does not merely fall into the portfolio of the Company Secretary. Indeed, the draft King IV Report on Corporate Governance for South Africa 2016 (‘King IV’), describes corporate governance as “the exercise of ethical and effective leadership by the governing body” of an organisation. Why then is corporate governance still viewed by many organisations as a process which increases bureaucracy and drives a ‘tick box’ exercise? Perhaps the explanation lies in not understanding and appreciating the value which can be unlocked by implementing a purpose-built Corporate Governance Framework® which is tailored to the organisation. Empirical research supports the fact that good corporate governance translates into tangible and sustainable benefits for the organisation. Some of these benefits are set out below. COMBINED ASSURANCE: IS YOUR ORGANISATION ADEQUATELY ASSURED? (2019-10-01) If we have both internal and external auditors, we have combined assurance, right? Wrong! For the board of directors to claim that they have discharged their obligations to implement a Combined Assurance Model requires much more than just the appointment of internal and external auditors. DEMYSTIFYING ISO MANAGEMENT SYSTEM STANDARDS AND RELATED GUIDELINES (2019-10-25) The number of management systems has risen dramatically in recent years, reflecting the increasing governance demands being placed on more and more organisations and their boards, and especially so in the wake of a myriad of governance scandals and corporate collapses locally and abroad. SUSTAINABILITY DEPENDS ON A STRONG GOVERNANCE FRAMEWORK Article by Terrance M. Booysen Corporate governance is one of the key elements many investors consider when they reflect upon the organisation’s success, as well as when deciding upon their investment choices. But when the organisation’s governance system shows signs of stress or failure, not only do astute investors understand the unsettling impact it has upon the organsation’s supply chain, they also become wary about its sustainability which may give rise to them re-considering to ‘weather the storm’ or ‘bail out’ so to speak. Over the years so much has been written about failures of corporate governance within organisations, including the financial, social and political consequences which are typically found in its trail. Yet in spite of numerous regulation to improve the overall conduct of organisations, including the various King Codes of Corporate Governance written in South Africa, even more organisations are becoming affected by poor governance. DO YOU REALLY NEED A CORPORATE GOVERNANCE FRAMEWORK®? By Jene’ Palmer and reviewed by Terrance M. Booysen We know that both local and international organisations are continuously having to adapt to operate in uncertain business environments. Locally, the release of the Preferential Procurement Regulations 2017, which places stronger emphasis on ‘radical transformation’, against the backdrop of persisting low economic growth rates are only some of the elements giving rise to further uncertainty. Internationally, the business and regulatory implications of the election of President Donald Trump and the vote in favour of Brexit and how these events will impact on local markets and businesses, is still unfolding. It therefore comes as no surprise that recent governance, risk and compliance (‘GRC’) surveys all indicate an increasing need to improve risk oversight and to balance opportunity management with risk management. The challenge lies in being able to achieve these objectives! Comments are closed.