company secretaty and internal auditor
TRANSCRIPT
![Page 1: Company Secretaty and Internal Auditor](https://reader031.vdocument.in/reader031/viewer/2022021116/577cd8371a28ab9e78a0af95/html5/thumbnails/1.jpg)
F E B R U A R Y 2 0 0 7 K E E P I N G G O O D C O M P A N I E S
The internal auditor within any organisation is
an important ally and supporter of the
Company Secretary. Separately, they represent the
two primary organisational managers who focus
entirely on governance and risk. Together, they
can represent a real force in terms of changing
behaviour and driving improvement in
governance, risk management and control.
While most organisations will have an internal
audit function, recent discussions with a range of
Company Secretaries around Australia suggest that
Company Secretaries are not effectively using
internal audit to support their objectives.
Company Secretary, internal auditand governance
A common description of corporate governance is
as a ‘Corporate Governance Table’ whereby
corporate governance has four cornerstones or
‘legs’, being:
• the board of directors
• executive management
• internal auditors, and
• external auditors.1
The role of the Company Secretary varies from
organisation to organisation, and can be anything
from a part of the board of directors leg, to part of
the executive management leg, to the ‘glue’ the
holds the table together. Our view is that the
Company Secretary can add the most value to
their organisation by interacting with all of the
legs of the table to assist in driving the governance
agenda.
With internal audit serving as one of the
table’s legs, the Company Secretary can get real
support from internal audit in achieving
governance objectives. In fact, internal auditors
routinely help with its leg of the governance table
by assisting with:
• how to better manage risks
• how to improve the organisation’s compliance
with laws and regulations, and
• promoting the importance of ethics and a
positive corporate culture.
Observations of interaction betweenthe Company Secretary and internalaudit
Our observations across a range of organisations of
varying size, complexity, industry and geography
suggest that the interaction between the Company
Secretary and internal audit is often minimal.
Situations where interaction could be occurring
but often is not, include:
• Company Secretaries not receiving relevant
internal audit reports
• Company Secretaries not providing input into
the internal audit plan
• Company Secretaries not being aware of
internal audit findings in the area of corporate
compliance
• Company Secretaries not using internal audit
to provide oversight in connection with
secretarial responsibilities
• inconsistencies between advice and messages
between Company Secretaries and internal
audit, and
• internal audit not regularly using the
Company Secretary as a source of evidence
and insight across the organisation.
Obviously these deficiencies do not apply to all
organisations: we have seen evidence in a number
of organisations where the interaction between the
two roles is strong, active and very healthy. Further,
the need and nature of the interaction between the
two roles is heavily dependent on how the roles of
the Company Secretary and internal auditor are
utilised within the organisation.
Over the past decade, both roles have
changed. Both have moved from largely
operational functions toward a more strategic role
providing advice and support to improve
organisational performance. Arguably, both
professions are still working out how best to
24
F EATURE
Company Secretary and internal
auditor: joint guardians of
governance, risk management
and controlBy Mark Harrison, Managing Director, Protiviti
![Page 2: Company Secretaty and Internal Auditor](https://reader031.vdocument.in/reader031/viewer/2022021116/577cd8371a28ab9e78a0af95/html5/thumbnails/2.jpg)
achieve these more strategic roles, and what tools
(both within and outside an organisation) should be
used to achieve their objectives. This may be one
reason why the two professions are not currently
best utilising the services of the other to achieve
improvements in performance and governance
within their organisations.
In conversations with Company Secretaries,
another potential cause for the lack of interaction
between the Company Secretary and the internal
auditor emerges: a lack of understanding of what
exactly an internal auditor can or should do within
an organisation.
What does the internal auditor do?
The Institute of Internal Auditors, the professional
body for internal auditors around the world,
publishes a Professional Practices Framework which
includes the following definition:
Internal auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organisation’s operations. It
helps an organisation accomplish its objectives by
bringing a systematic disciplined approach to
evaluate and improve the effectiveness of risk
management, control and governance processes.2
The manner in which this assurance and
consulting is provided can vary. In some
organisations, all internal audit activity takes the
form of discrete reviews and reports which are
tailored to areas of high risk or high significance to
the organisation or where there is specific reliance
on controls. In other organisations internal audit
also provides training, advice and consultation, and
serves on various management committees.
In any of these capacities, internal audit acts as a
change agent to identify areas where processes, people
or technology are not performing at an optimal or
appropriate level and recommend improvements. As
noted in a recent publication by Protiviti:
The true measure of performance for internal audit
is the ability to effect and facilitate organisational
change that fosters continuous improvement and
gradual progression up the risk management
continuum. The true worth of internal audit is not
measured in the weight of after-the-fact
recommendations, but in the ability to provide just-
in-time advice and influence positive change that
adds value to the organisation… internal audit
should be at the forefront of positive change by
recommending and facilitating the process of
aligning people, processes and technology to
achieve improved sustainable performance.3
This can equally be applied to governance
arrangements and, in fact, much of internal audit’s
work assists with establishing and maintaining good
corporate governance.
The internal audit profession has moved
significantly over the past decade. It is now by far
the exception rather than the rule that the internal
auditor focuses entirely on financial transactions
and processes. Further, internal audit is rarely
devoted specifically to ‘tick and flick’ auditing of
transactions. Today’s internal audit function is a
multi-disciplinary function that goes beyond simple
compliance to efficiency and effectiveness, considers
operational (and in some cases legal) matters as well
as corporate process, and possesses specific expertise
in areas such as governance, risk management and
ethics. The purview of today’s internal audit
function covers the full expanse of an organisation
from board performance and operations through to
detailed business processes and technology and
environmental and stakeholder management. This
broad area of responsibility and its requisite skillset,
together with the heavy emphasis on risk
management and governance, provide an important
tool which can be used to assist the governance
professional.
How can the Company Secretaryutilise internal audit most effectively?
Internal audit represents a valuable resource to the
Company Secretary as it seeks to meet business
objectives, and especially as it relates to the
objectives of internal control:
• efficiency and effectiveness of operations
• reliability of financial reporting
• compliance with applicable laws and
regulations, and
• the safeguarding of assets.
Each organisation’s internal audit function
possesses unique individuals, skills and
competencies, which management broadly (and the
Company Secretary specifically) needs to understand
and then use effectively in helping meet its
objectives. Internal audit should not be a function
exclusively used by the audit committee. An internal
audit function, by its very nature of being internal,
is a part of management’s systems of internal
control and governance and thus should be an asset
and tool for management.
While the charter of, need for and capability of
each organisation’s internal audit function will vary,
Company Secretaries may find the following
suggestions helpful in determining how to best
leverage internal audit resources to achieve strong,
well-designed and effective risk management,
internal control and corporate governance processes.
• Utilise internal audit resources as part of the
organisation’s enterprise-wide risk management
and governance management to identify, source,
measure, prioritise and develop a plan to address
and manage the most significant business and
governance risks the organisation faces in
achieving its business objectives.
25
F EATURE
![Page 3: Company Secretaty and Internal Auditor](https://reader031.vdocument.in/reader031/viewer/2022021116/577cd8371a28ab9e78a0af95/html5/thumbnails/3.jpg)
26
I c o n t i n u e d
• Provide input to the internal audit function in the
development of the annual internal audit plan and
changes to the plan to focus limited resources on
risks and areas of the greatest importance.
• Discuss and develop plans for internal audit to
assist in efforts related to the organisation’s efforts
to comply with key legislation, (and for publicly
listed organisations) the Australian Stock Exchange
Principles of Good Corporate Governance and Best
Practice Recommendations.
• Consider how the internal audit function might be
used as a rotational management-training program
for the organisation’s governance professionals and
other managers.
• Support the internal audit function in connection
with key findings, and its plan for process owners to
make changes and improvements to internal
controls, governance and management
arrangements, and process issues and deficiencies.
• Visibly support and encourage the mission and
effort of the internal audit function. This should
also be reciprocated with the internal auditor visibly
supporting the role and objectives of the Company
Secretary.
• Work closely with the audit committee to help
ensure the internal audit function remains objective
and adds value to the organisation.
Joint guardians of governance, riskmanagement and control
Given the consistency of objectives of today’s Company
Secretary and internal audit (improved governance, risk
management, compliance and control) there is
significant scope for the two roles to work closely
together to achieve those objectives. By bringing
different perspectives, skills and authorities together to
bear upon the governance, risk management,
compliance and control of an organisation, there is real
scope to drive improvements in organisational
performance and conformance.
Mark Harrison is a Managing Director of Protiviti, an
independent international consultancy providing advice and
support in risk management. For more information on
Protiviti, visit www.protiviti.com.au. Mark can be contacted
on (02) 9240 0606 or at [email protected].
Notes
1 Bruce Adamec, Linda Leinicke, Joyce Ostrosky, W. Max
Rexroad, ‘Getting a Leg Up’, Internal Auditor, June 2005, p 42
2 Institute of Internal Auditors, Framework for the Standards for
the Professional Practice of Internal Auditing (Administrative
Directive No. 1)
3 Protiviti, Top Priorities for Internal Audit in a Changing
Environment , 2006, p 3G
F E B R U A R Y 2 0 0 7 K E E P I N G G O O D C O M P A N I E S
F EATURE