5 August INTERNAL AUDIT REQUIRE GREATER REPRESENTATION ON THE BOARD (2019-08-05) August 5, 2019 Board of Directors, Combined Assurance, Corporate Governance Framework®, General, Governance Framework, Internal Audit, Praefectus™, Risk corporate governance codes, Chief Audit Executive, Corporate Governance Framework®, combined assurance A plethora of corporate governance codes has been written across the world, and in spite of their recommendations which inter alia seek to protect stakeholder interests and shareholder value, many governance failures and organisational collapses continue seemingly unabated. To use the Eskom debacle in South Africa as a recent example; notwithstanding their public claims of being compliant with numerous legislation -- including the provisions of the King Code for Corporate Governance for South Africa, 2016 (‘King IV™’) -- it is alarming that this organisation is ostensibly at polar opposite sides to good governance. Despite scooping a number of awards for their annual integrated reporting in 2015, the on-going revelations of poor governance at the organisation appear to indicate that the information disclosed in their annual report was either misleading, inaccurate or incomplete. It has become clear that the integrity of the organisation’s external reporting cannot be relied on by stakeholders. In the absence of accountability, this situation is unlikely to improve. Poor management controls and incomplete information It is disturbing to note that many directors (in both the public and private sector) complain that they are not adequately inducted to the affairs of the company, nor are they being provided with sufficient, timely, relevant and / or reliable information to make proper and informed decisions on behalf of the organisation. This implies that the board may in fact simply be relying and acting upon the boardroom discussions being led by the executive directors, supported by the board pack information. Expectedly, with differing or competing agendas, conducting the business of the organisation in this fashion will inevitably lead to disaster. This dire situation is compounded if there is an overly dominant and controlling Chief Executive Officer (‘CEO’) who only offers certain or guarded information to the board in order to protect themselves from the likely consequences of their actions and poor leadership. Added to this reckless behavior, the CEO in these cases is likely to also have instructed key employees on the extent to which they may divulge and or share sensitive information as a mechanism to safeguard the CEO’s own misdemeanours. The Corporate Governance Framework® contributes to the organisation’s combined assurance principles Expectedly, in the event that these employees were to be invited to the board meeting, the threat of over-sharing sensitive operational information will have been limited by the CEO’s veiled threats, however these may have been cast. The overall result of this sort of behavior will result in the board only having limited, or worse, incorrect information. Ultimately, through this sort of modus operandi, any decisions taken by the board on behalf of the organisation will be fatally flawed. One must not blindly assume that all directors fundamentally know what information must be called for to make proper risk judgements and informed decisions, and what aspects of such information may be relevant or not. Indeed, many non-executive directors may not actually know what they don’t know, and therefore they will not necessarily call for more information if same was missing in the first place. Clearly, this situation is exacerbated where the non-executive director occupies multiple board positions across different organisations. Proper oversight is key to good governance One of the primary reasons for introducing a Chief Audit Executive (‘CAE’) to the organisation’s key leadership structures, was to ensure a better way of balancing the power and command at board level, including a more objective manner of reporting various risks to the board. The CAE has an administrative reporting line to the CEO, but reports functionally to the Audit Committee. The CAE together with their internal and external audit providers acts as “the eyes and ears” of the board. In order to do justice to their function, it is imperative that they have a complete and independent overview of the entire organisation such that they are able to provide assurance over the organisation’s risk management, governance and internal control processes. To achieve this objective it is therefore critical to ensure that the scope of the organisation’s audit arrangements is not limited to merely ‘tick-boxing’ certain mundane items that have been ring-fenced by the CEO or which continue to appear on the audit plan year after year. Comprehensive governance, risk and compliance assessments should be performed annually and should be used to inform the internal and external audit plans. Understanding the GRC issues is key to risk mitigation With the introduction of the Corporate Governance Framework®, organisations and their boards -- including key stakeholders -- are assured that the governance, risk and compliance (‘GRC’) position of all the areas of the business are being subjected to regular assessments. The credibility of these assessments is strengthened when the evidence underpinning the framework is corroborated by internal audit or independent assurance providers. The framework contributes to the organisation’s combined assurance principles and allows the board to draw comfort by knowing that there is agreement on which areas of the business are being well governed and which need to be prioritized for further intervention and oversight. The levels of combined assurance must be reported upon within the organisation’s annual reporting. In other words, stakeholders need to know that there are sufficient, effective and efficient controls that defend the organisation against numerous known risks, and these assurances must be provided by inter alia; the executive and non-executive directors, the board and management, the internal and external auditors, as well as the organisation and its regulators. Anything short of a combined assurance approach is no longer acceptable, and professional bodies such as IRBA (the Independent Regulatory Board for Auditors) and IIA SA (the Institute of Internal Auditors South Africa) play a critical role in ensuring that their members adhere to and report on the implementation of combined assurance principles within their clients. With a Corporate Governance Framework® in place, all the vested parties will have access to the necessary and relevant GRC information, and the board in particular, will have the benefit of knowing that the auditors have fulfilled a broader and greater value-added purpose which will go a long way to providing greater levels of assurance to the organisation’s stakeholders. ENDS Words:1,062 For further information contact: CGF Research Institute (Pty) Ltd Terrance M. Booysen (Chief Executive Officer) Tel: +27 (0)11 476 8264 | Cell: +27 (0)82 373 2249 E-mail: [email protected] Web: www.cgfresearch.co.za CGF Research Institute (Pty) Ltd Jené Palmer CA(SA) (Lead Independent Consultant) Tel: +27 (0)11 476 8264 | Cell: +27 (0)82 903 6757 E-mail: [email protected] Web: www.cgfresearch.co.za Follow CGF on Twitter: @CGFResearch Click below to read more... Attached Files 20190805-Internal-Audit-require-greater-representation-on-the-board.pdf 236.29 KB Related Articles INVIGORATING THE INTERNAL AUDIT PROFESSION THROUGH ROBUST GOVERNANCE AND CONTROLS (2020-08-18) The recent public censure and financial penalties imposed by the JSE Limited on Tongaat Hulett Ltd and EOH Ltd for non-compliance with the JSE Listing Requirements, again brings the effectiveness of the internal audit profession (and indeed external audit) into question. Is internal audit adding value? The question is relevant to both the public and private sector where examples of financial misstatement and the circumvention of internal procurement policies and procedures are increasingly being uncovered. In these circumstances, questions need to be asked about the future role and stakeholder expectations of internal audit. INTERNAL AUDITORS PLAY AN IMPORTANT ROLE IN STRENGTHENING THE GOVERNANCE OF AN ORGANISATION (2020-08-12) People who occupy positions of authority include not only executive and non-executive directors of the board, but also managers who have the means of influencing or causing material changes in the organisation. The latter, according to the South African Companies Act of 2008, are known as ‘prescribed officers’ and together with the organisation’s directors and internal auditors, can all be held liable for not ensuring that the interests of the organisation are being adequately served and protected. EVOLVING BOARDS: THRIVING IN THE MIDST OF DISRUPTION (2024-04-15) There is a Chinese proverb which states: “The wise adapt themselves to circumstances, as water moulds itself to a pitcher”. To ensure that organisations continue to thrive in an evolving business environment, boards and business leaders must embrace and adapt to the challenges being presented by shifting landscapes. BOARDS THAT CREATE VALUE: CORPORATE GOVERNANCE FRAMEWORK® By Jene’ Palmer and reviewed by Terrance M. Booysen It has been painful to watch the likes of Lance Armstrong, Mike Tyson and Hansie Cronje sabotage their futures through poor decision-making. Similarly, many organisations and their boards have failed to demonstrate strong and responsible leadership qualities to motivate and drive their organisations to success. Awareness, decisiveness and accountability are some of the business leadership qualities required to achieve remarkable performances. The ‘buck’ stops with the board of directors and it is the board of directors who are ultimately held accountable for the success of the organisation. However, with the business landscape changing at an accelerating rate, risk management and decisive decision-making are becoming more challenging and business failures more prominent. A recent Harvard Business Review reports the failure rate for mergers and acquisitions to be between 70% and 90%. According to the United States Small Business Administration, only 44% of new businesses are still in existence after four years. Against this backdrop, how does a board create a sustainable organisation in what are clearly turbulent times? GOOD GOVERNANCE – IS IT RED TAPE OR A CRITICAL BOARD COMPETENCY? (2024-04-11) Let’s just focus on the business and less on governance! Governance stifles innovation and adds red tape! How often have you heard similar sentiments being expressed? The reality is that the role of the board has evolved. Global issues and topics such as geopolitics, diversity and inclusivity, climate and nature, and artificial intelligence, have rendered the traditional approach to board oversight as far too narrow. Today, boards must adopt a more stakeholder-inclusive approach and embrace different perspectives when considering strategy development, risk management and operational and ethical oversight. However, good governance has always been a fundamental competency for board members rather than a set of bureaucratic skills which imposes an additional burden on decision-making within the organisation. COVID-19: ADDRESSING DEBILITATING RISKS REQUIRES A ROBUST GOVERNANCE FRAMEWORK (2020-04-17) The times we are currently living in are unprecedented. Covid-19 has once again highlighted the reasons why governance -- good governance -- is a critical function in a democratic country. Comments are closed.