Internal auditors are part of the foundation on which effective corporate governance is built. By being involved in this arena, internal auditors can better fulfill the complete definition of internal auditing.
However, it is important to be clear that it is the responsibility of the board of directors to develop and maintain an effective governance environment. The IIA states in the position paper Recommendation for Improving Corporate Governance that internal audit’s role is to be “a critical, independent observer of that process.”
The IIA Standards, which follow the COSO model, acknowledge that evaluating the governance environment is part of internal audit’s role in the organization. This evaluation process in turn assists management (and thus the board) in developing and maintaining an effective governance environment. Standard:
2100 – Nature of Work states that “The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.”
2110 Governance – The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
• Promoting appropriate ethics and values within the organization• Ensuring effective organizational performance management and accountability
• Communicating risk and control information to appropriate areas of the organization
• Coordinating the activities of and communicating information among the board, external and internal auditors, and management.
The role internal audit plays in governance is highly influenced by the maturity level of the organization’s governance processes and structure, as well as the roles and qualifications of internal auditors.
Typically, internal auditors operate in two capacities regarding corporate governance. First, auditors provide independent, objective assessments on the appropriateness of the company’s governance structure and the operating effectiveness of specific governance activities.
Second, they act as catalysts for change, advising or advocating improvements to enhance the organization’s governance structure and practices.
Internal audit should have a clear set of published audit objectives to ensure that governance mechanisms such as the internal control systems, risk management processes and financial reporting systems are monitored at all times.
By providing assurance on the risk management, control and governance processes within an organization, internal auditing can fulfill its role as one of the cornerstones of effective organizational governance.
Corporate governance should be facilitated by the internal audit department