How internal auditing can improve corporate governance



Corporate governance is "the range of control mechanisms that protect and enhance the interests of shareholders of business enterprise" (Baker, C., 2002). Corporate's governance role is very important as it deals both with the internal and the external environment of the company and the relationship between them. As it is described in figure 1, the internal governance, is consisted of the Board of Directors which is responsible for "supervising" and monitoring the management. Management has the role of the representative of the shareholders, decides in which assets is more profitable to invest. On the other side of the figure, the external governance is presented. It is consisted of the shareholders and describes the intension of the company to raise capital. These two different, separated parts of the diagram show the importance of the corporate governance. (Gillan, S. 2006)

In Europe and the United States as well, corporate governance was mostly applied during the 2000s, after a series of financial scandals and bankruptcies, as for example the Enron's case in Houston and the Parmalat's in Italy. In order to prevent similar incidents, the Sarbanes-Oxley Act (SOX) in the United States and the Cadbury Report in the United Kingdom, two of the most well-known sets of federal and business regulations, aim to strengthen the corporate governance policies of the companies. (Morariu, A., 2009)

Lady using a tablet
Lady using a tablet


Essay Writers

Lady Using Tablet

Get your grade
or your money back

using our Essay Writing Service!

Essay Writing Service

Internal audit is "an independent and objective activity that gives insurance to the entity regarding the degree of operations control, guiding in order to improve its operations and that contributes to the creation of added value". (Morariu, A., 2009)

The basic goal of the internal audit is to give the Board and the management information about the system of internal control and its effectiveness. Hence, the role of the internal control is to support and strengthen the risk management in order to help the company achieve its objectives easier and safer. (KPMG, 2007)

Moreover, the relationship between the corporate governance and the internal audit is to enhance the interests of the shareholders by certifying whether the financial statements presented are fair and true. (Baker, C., 2002)

The nature and importance of internal audit in corporate governance

As it is already mentioned, the role of the internal audit is supportive. It helps in improving the effectiveness of the risk management, control and the governance processes. So, internal audit does not only serve the needs of the Board of Directors, but the audit's committee, the shareholder's, the regulator's and the external auditors as well. (Deloitte, 2009)

Though internal audit role exists in order to add-value to the companies and enhance their viability and competitiveness, it is not always working as it should do. Apart from the supporting and supervising mission, it can also be advisory as it gives the opportunity to identify any potential weakness the company is attending, not only in financial but in business level as well. Moreover, it can assure the Board of Directors about the way the internal control of the company is functioning. (KPMG, 2007)

It is also remarkable, that the internal audit gives the opportunity to the auditors to gain the appropriate knowledge and objectivity needed in order to become an executive or director in the future. The position of the auditor is undoubtedly of great importance; a key position as it could be claimed. Of course no one can assure that, but the qualifications and the experience gained during such a career are able to add a competitive advantage to a prospective executive. (Allen, S., 2008)

The internal audit objectives vary in accordance with the company's nature, structure and management. The most important among others are:

Examining the accounting and internal control system

Evaluating risks and internal control framework

A priori reviewing areas which may conceal risk

Examining and evaluating information; financial and operational as well

Reviewing the economic statement, the efficiency and effectiveness of the company and the possibility of achieving corporate goals

Systemically analyze business process and announce whether there are signs for irregularities (Morariu, A., 2009)

However, all those important aspects of the internal audit presented may lose their reliability if the internal auditors are not independent. That could be achieved when the auditors do not deal with daily business processes that are being audited. Secondly, the internal auditor should be able to act and announce reports when he believes it is necessary, to the Board of Directors and the Audit Committee. (KPMG, 2007)

Lady using a tablet
Lady using a tablet


Writing Services

Lady Using Tablet

Always on Time

Marked to Standard

Order Now

It is already obvious that what is called internal audit is not the same with the internal control. The latter is a system which guarantees the achievement of the objectives which were set. It is consisted policies, rules, guidance which can promote an effective operation of the company. It gives the advantage of dealing with the company's liabilities and informs about the amount of assets existing in order to enable management. In addition, it promotes the quality of reporting by giving reliable and on time information. The major responsibility for the well function and the importance of the internal control lies on the Board of Directors. But the employees are responsible as well. (KPMG, 2008)

The relationship between the internal audit, the audit committee and the external auditors in the Sarbanes-Oxley era

One of the most important problems that the corporate governance is facing is the information asymmetry that exists between the principals and the agents of a company. This is arising because of the so called agent problem, where the managers want to increase their interests while on the other hand the shareholders want to increase their interests. It is a common phenomenon in a company, having managers, shareholders and lenders who have different information about the same case; the value of the assets for example. (Brealey, R., 2008)

The internal auditing plays a crucial role in a company, particularly to the accountability which exists among corporate management and the audit committee, therefore the agent problem discussed above. (Sarens, G., 2009)

The audit committee is able to reduce as much as possible the information asymmetries. Though, it is often that an audit committee does not always have all the necessary information needed, when it collaborates with the internal audit, risks are minimized. It is important for the audit committee to be informed about things that occur in the company. If there is at least an annual meeting between the two parties, then the committee could be familiar with the effectiveness of the internal control and the risk management system; two very important elements of the corporate governance. (Sarens, G., 2009)

As it s clear, the role of the audit committee is crucial and could be really effective if it is understood that the committee should be consisted of qualified and responsible members who are focused on the common interest of all parties involved in the company. Moreover, it is significant to ensure that during the meetings the committee has a holistic view of the situation. Hence, the information that they are going to receive should not only be related with the financial performance of the company but everything that could influence the healthy existence of it. (Al-Ajmi, J., 2009)

When the internal audit has a close relationship with the audit committee and reports to it, there is a greater possibility of transparency, than if the management is involved. In short, the possibility of having inaccurate outcomes is minimized. When the management does not intervene between the internal audit and the audit committee the communication among internal and external auditing is encouraged. In spite of these benefits, there is also the chance of coming across to undesirable results. If the internal audit develops such a close relation with the audit committee, the management may try to limit the amount of information the audit has access to. That may seem to be illogical, but may happen in order to prevent adverse effects. Moreover, it is obvious that because the committee does not have a daily presence in the company may lack information about the internal control and generally issues that are related to its existence; an element which may make the process of auditing difficult. (KPMG, 2008)

The contribution of external auditing in corporate governance is important, not only because manipulation incidents by managers are restricted but because shareholders could feel more protected and sure about the reliability of the company's reports. When an independent external audit intervenes on financial reporting, objectivity and integrity are usually promoted. The fact that an out-of-the company qualified mechanism is applied on financial reports could prevent intention or non intention manipulations and minimize costs. Since, all procedures are examined by the external auditors, enormous amounts of managers' bonuses, remunerations and pensions are deterred. In the after-Enron era, systematic external auditing is proved to improve corporate governance. (Ojo, M., 2009)

Lady using a tablet
Lady using a tablet

This Essay is

a Student's Work

Lady Using Tablet

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Examples of our work

As it is analyzed above, the knowledgeable level of the audit committee is linked to the collaboration with the internal and external auditors. The more often the meetings between these parties the more easily the evaluation of the effectiveness of internal control over financial reporting. Moreover, the audit committee can ensure about the relationship which exists between the management and the internal audit. (Sarens, G., 2009).

After the Enron's collapse in 2001 and a series of other financial and corporate scandals (the WorldCom's, the Parmalat's, and others), the need for corporate governance changes was mandatory. In 2002, in the USA, the Sarbanes-Oxley Act (SOX) came to reform the unpleasant environment which was created. The SOX is consisted of 11 sections with rules and regulations related to auditor's independence, corporate responsibility, corporate fraud accountability and other crucial topics. Section 404 of the act gives instructions related to internal audit. (Gillan, S., 2007)

According to the Sarbanes-Oxley related section, internal auditing should:

Consult on internal control which is on use in the company and propose new methods if necessary

Keep a supporting role in the company as far as the evaluation and identification of the risk methodologies that are being used

Examine the role of the management and support it when it designs tests which are to measure the effectiveness of the internal control

Help in the training and informative part of the internal control

Moreover, according to the SOX act, the role of the management is limited and has to do only with overseeing whether internal control is applied on financial reporting; something that is already analyzed above. (Deloitte, 2009)

Measuring the effectiveness of internal auditing

It is very important for a company to be sure that internal audit functions work properly. Factors such as independence and objectivity, flexibility, foresight, innovation, corporate objectives oriented, are some of the characteristic a quality internal audit should have. Though, the quality of auditing is not considered to be granted. It is not directly and immediately obvious that there are failures; for that, an enterprise often understands that problems exist in the case of a business failure. There are examples for that; maybe the most famous is that of Enron's. (Al-Ajmi, J., 2009)

There are two models which are mainly used to measure the audit's effectiveness and efficiency; the continuous quality assurance model and the self-assessment. The continuous quality assurance is a process which is sometimes considered to be part of the internal audit's own set of controls. It is built into the job descriptions and operating routines. There is not a specific timeline which should be followed, but it is approved to be helpful when it is in frequent use. The self assessment model is used every two years and uses the audit staff's experience to identify whether internal audit functions properly. (Deloitte, 2009)

Although the benefits of using a systematic measuring system are proven to be beneficial for the good operation of internal auditing, not all companies manage to follow one. Lack of standards, difficulty in measuring impact, lack of adequate resources, high costs, time pressure are some of the reasons why companies fail to use such measures. (Austin Charter Research Committee, 2009)

According to SOX, it is vital for an enterprise to adopt internal audit's measuring models as it gives to the function the opportunity to make changes if necessary, in order to avoid a failure. It also helps the management and the audit committee to understand the business needs and weaknesses and improve processes. (Deloitte, 2009)

The global financial crisis and corporate scandals

The global financial crisis of 2007-2009 proved that most of the companies which were most affected suffered from weak internal control, questionable ethics and shortcomings in accounting reporting. In the table below, four of the most well-known corporate scandals are briefly presented. (Crawford, J., 2007)

Enron's scandal was accrued because of the inability of the audit to discipline the management. Though there were signs of the failure, they did not manage to react properly in time. Moreover, the enormous gains of the Chief Financial Officer (CFO) and an insufficient internal audit, led the company in bankruptcy. As far as the WorldCom' failure, there were manipulations of the cash flows and operating expenses were treated as capital investment for a long period, before internal auditing finally announced the real financial position of the firm. (Gillan, S. 2006)

In response to the corporate scandals which were disclosed in the 2000s the SOX act made several reforms in corporate governance policies. Proposals for enhanced board independence, strengthening of the internal controls, separated role of the chairman and the CEO and direct reporting of the external auditors to the audit committee are some of the actions promulgated.


An efficient and effective internal audit functions is able to help a company gain competitive advantage by achieving their objectives, identifying risk and business insufficiencies.