Kevin et al (2005) explains that corporate governance is the way in which a firm is managed or controlled. Corporate governance has been a problem in the past following the scandals such as Enron and WorldCom which led to the biggest accounting fraud in history. These events have led to question the role played by the board of directors to tighten their corporate governance. The board of directors are responsible for the internal control system of the company while an internal auditor guides them to ensure that they run a good control system.
Companies are now required to comply with the corporate governance to strengthen and run the firm effectively (Cattrysee, 2005).
In this report, the author will carry out a research and find out what are the main roles of an internal auditor in the corporate governance framework. The author will be exploring the why companies audit their statements, why internal auditors are required and also discuss their role in the corporate framework.
What is an audit?
Get your grade
or your money back
using our Essay Writing Service!
Manson (2011) explains that audits is an inspection of a company's financial statement to give a true and fairness opinion and also increase credibility of the statements.
The main reason why companies carry out auditing is to check whether the information provided in the financial report gives a true and accurate reflection of the statements at a given date (Ziadat et al 2011). For example if it states in a company's financial report that they made a profit of £10,000, an auditor will cross check with their financial statements if they are accurate. The financial report that are audited are; statement of cash flow, statement of financial position, statement of changes in equity, and statement of comprehensive income. Manson (2011) states that auditors must comply with the auditing standards when auditing a statement and once they are done with the audit, they need to write and audit report which will be published in the company's annual report.
There are two types of auditing and they are:-
An external auditor is an auditor outside of the firm that are recruited to access the effectiveness and quality of the firm (Manson 2011).
In this report, the author will be focusing on the role of an internal auditor.
What is an internal auditor?
Ziadat et al (2011) explains that an internal auditor works in the firm and they examine the accuracy of their financial report to improve the company's operations. They are also responsible to assess the effectiveness of the risk management.
Internal auditors are important to companies because they provide integrity and accountability to governing bodies and senior management in the firm (Manson 2011). Some examples of the roles of an internal auditor are: -
Measuring the risk management
Accessing the internal control of the company
Recommendations to the management team.
Measuring risk management
Staciokas (2005) defines risk management as a system were companies assess the potential risk(s) and the steps they can take to minimize the risks. According to Staciokas (2005), there are three types of risk management and they are: -
External environment risk
Business process and loss of assets
External environment can be defined as the threat that does not affect a company internally. Some examples environment risks are competitors, changes in customer behaviour, and laws & regulation (Staciokas, 2005). The author argues that it is important for businesses to access their environment rise for example, if a new competitor enter into their market, they need to evaluate what the new company are offering to their customers and what the business can do to stay on top of their competitors. Information risks are the risk of poor information which can lead to bad decision making for the business (Kinney, 2003).
It is an important role for internal auditors to measure and evaluate the effective of these risks.
They can do this by reviewing the objectives set by the company and access the risk(s) that can have an impact to achieve these objectives (Ziadat et al 2011). Manson (2005) explains that if risks are detected, auditor needs to measure how they can minimize the risk(s) and also access the likely chance of it to occur. When risk(s) are detected, the auditors need to inform the management team in order to take any possible action to eliminate or reduce the impact of the risk(s).
Accessing the internal control
Always on Time
Marked to Standard
Rezaee (2010) explains that the internal control is the process carried out by the auditor to provide assurance based on the company's objectives by accessing the reliability of financial reporting, the effectiveness and efficiency of the firms operations and whether they have comply with the laws and regulations. The purposes of internal control are:-
Transactions carried out by the firm are approved before they are recorded
Transactions must be accurate so the company must account for the original transaction and the others that are recorded in the financial statements
All the transactions recorded must be valid meaning that they should show a fair view of the economic events.
Although there are some limitations to internal control, if an auditor checks the internal control of a company, it can help detect any risk(s) and how they can resolve it (Manson 2011).
Recommendation to management team
Adukia (2010) explains that an internal auditor needs to evaluate all the possible risk that can be identified for example if the company has incorrectly valued their inventory stock. An internal auditor must report to the management team in order to improve their stock valuation.
Rezaee (2010) comments that, if an internal auditor gives recommendation, it can help the performance of the company's by focusing on some aspect of the business such as risk management and internal control system.
Internal auditors in corporate governance
Yassin et al (2005) explains that corporate governance is an essential element which helps companies to be more efficient and also helps to build confidence for their investors. Staciokas (2005) states that the corporate governance forms the following elements: -
The audit committee
Internal auditor and,
Board of directors
The combined code (2004) explains that it is the duty of the audit committee to monitor and review the effectiveness of the duties performed by internal auditors. Companies need to work closely with their audit committee and their internal auditor because it can improve their corporate governance. Internal auditors need to reply on the audit committee as their primary client not their management, or they should see the audit committee as a source to get vital information (Verschoor et al 2000).
Internal auditor's opinion should reveal all the important information about the effectiveness of the company's governance and also to focus on all areas such as social, ethical and financial Rezaee (2010). As Rezaee (2010) stresses out that internal auditor opinion is very important in the governance framework, the Institution of Internal Auditors has set some standards that need to be followed by auditors to express an opinion. The following are some of the standards an auditor needs to follow to express an opinion: -
Relevance: - internal auditors' opinion is very crucial to the stakeholders of the company because these opinions can be available to the public so they need to make sure that the opinion given is appropriate. (Rezaee, 2010)
Planning: - internal auditor needs to plan their opinion before the recommend it. For example if they provide an opinion, they need to verify if it is right, they also need to give more information when they provide a positive opinion to the board of directors.
Rezaee (2010) clarifies that if when an internal auditor gives an opinion and recommendations, it can improve the company's governance in accessing the risk management and also their internal control systems.
The Institute of Internal Auditors (IIA) also explains that corporate governance is the process and structure that needs to put in practice by the board of directors in order to manage and monitor the success of the company. Cattrysse (2005) states that the audit committee depends on the internal auditor for their opinion about their internal control system so the Institute of Internal Auditors ensure that they guide their auditors to carry out good audit so that they can assist the management and board of directors. The Institute of Internal Auditors has some standards and practice for corporate governance that auditors should follow and they are: -
Performance standard 2100
Implementation standard 2120
Performance standard 2130
Performance standard 2100 explains the nature of the work according to Cattrysse (2005). An internal auditor carries out the audit and evaluate on risk improvement management, governance system and control. Cattrysse (2005) explains that this standard is important because it list the responsibilities of management and how the auditor's views leads to the overall judgement of the management process.
This Essay is
a Student's Work
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.Examples of our work
Institute of Internal Auditors (2012) explains that Implementation standard 2120 that the auditor must look into the risk of the company and making some suggestions into improving risk management. Furthermore, this standard explains the auditors must access risks that are related to the company's governance, operations and information systems which considers safeguard of assets, compliance with law, and regulations (Cattrysse, 2005).
According to the Institute of Internal Auditors (2012), performance standard 2130, the internal auditor needs to evaluate and recommend on how the company can improve their governance. Cattrysse (2005) says that they can do so by:-
Having the right ethics and values within the company
The company should have an effective performance management and accountability
Discussing the risk and control to the other areas of the company
Verschoor (2000) states that all listed companies should have internal audit functions which will help strengthen the relationship between corporate governance and the internal auditors.
How internal auditor can prevent fraud
The author agrees that another role of an internal auditor is to help prevent fraud. Manson (2011) explained about the Enron scandal in 2001 when the company lied about their profit they didn't reveal debts in order to publish them in their accounts. Draz (2011) defines fraud as deliberate misrepresentation or omitting the truth about financial information.
According to Bell (2010), preventing fraud is one of the most important aspects for every company but in the same way companies will not admit if they are in danger of fraud. Bell (2010) goes on to say that anyone can commit fraud in a company if they understand their internal control system well.
The combine code states that the board of directors should monitor their internal control system well to protect their shareholders investment and the assets of the company. (Verschoor, 2000). Verschoor (2000) goes on to explain that it is the duty of the internal auditor to provide assurance that the company's internal control is working well to prevent fraud.
In 2008, a report by KPMG estimated that £1.1 billion of fraud was heard in courts and fraud by managers, employees and customers increased in 2007. Managers were accountable for most of the fraud with £127million in 2008 (Manson, 2005)
The author argues that fraud is an important thing that companies should look into because at this current economy, it can lead to bankruptcy and employees out of work.
The Institute of Internal Auditors explains that it is the role of an internal auditor to help companies prevent fraud by examining the efficiency of their internal control system. The following are ways in which an internal auditor should consider when they want to detect fraud in a company: -
Carry out a fraud risk assessment: - Draz (2011) clarifies that an internal auditor must evaluate risk assessment which can help management to tackle potential fraud risks. Risk assessment should be conducted across the whole department of the company to identify the possibility of where the company can detect fraud and how they can eliminate it (Bell 2010)
Monitoring the company: - internal auditors should monitor the activates carried out by the company especially the computer software. By monitoring the software, the information about the company will not mislead investors (Bell 2010). Manson (2011) explains that monitoring process is important for large companies are very important because it certifies that the control system is working well.
Checking internal controls: - Cattrysse (2005) explains that auditors should check the company's internal control especially where controls are weak and where there's a possibility that fraud can arise.
Bostan (2010) explains the benefit of a company having an internal audit to control fraud is that they can assess the risk and make recommendation on how they can improve. Cattrysse (2005) states that some ways that the board of directors can improve fraud is by introducing correct sanctions, or introduce addition measures. An internal auditor can provide statistics relating to the likely outcome of fraud (Bostan 2010). The author argues that as an internal auditor communicates with the board of directors of a company, they are also more likely to detect fraud.
However, Draz (2011) argues that although one of the role of an internal auditors role is to detect fraud, they lack are not experts in that field who are generally responsible for detecting and investigating fraud.
Overall, the author agrees with Cattrysse (2005) that the board of directors should encourage their internal auditors to examine and prevent fraud as this will lead to a good corporate governance.
Advantages of an internal auditor
The benefits to a company for having an internal auditor are: -
Internal auditor provides information to the board of directors to help the effectiveness of control. They are important as they provide recommendation on how the company can improve their performance (Rezaee, 2010)
There's no additional cost as the internal auditor is also an employee in the company instead of recruiting an external auditor
An internal auditor helps in keeping the company's accountant up to date with their records and to prevent fraud (Draz, 2011)
If an internal auditor detects an error, it will be eliminated before the company prepares their financial statements
Disadvantages of an internal auditor
The downfalls to a company having internal auditors are: -
Internal auditor's report is not accepted by the company's shareholders instead they want a report from an external auditor. (Draz, 2011)
Internal audit are done by an employee(s) in the company, so the information provided could be biased so as a result, the company cannot rely on such reports
The chances of an internal auditor detecting errors could be high because the audit is not done by a professional auditor (Staciokas,2005)
Differences between an internal and external auditor
The difference s between an internal and external auditor is that external auditors are appointed by the shareholders of the company although internal auditor is an employee working in the company (Manson, 2011). External auditor's duty is to check the financial statement while an internal auditor role is to check the internal control system of the company. Draz (2011) explains that the report by an internal auditor is not accepted by the shareholders but only the report by an external auditor.
To conclude, the author agrees that corporate governance is an important issue for companies because it helps increase the accountability of a company, and to prevent or avoid risk that may occur. The author agrees with Akrani (2011) by saying that shareholders are the owners of a firm but they do not have inactive control over the board of directors. Shareholders only attend annual general meeting so the need for corporate governance is important so that the directors of the company cannot misuse their power for their own benefits. Internal auditor can be helpful to businesses because they can access their internal control well and give feedback to the board of directors if they need to improve. The author argues that if an internal auditor checks all the transactions carried out by the company, they will not need to appoint an external auditor to check their financial statement because is more likely that it will be accurate and this will reduce their cost. Draz (2011) mentions that there's been a rise of scams and fraud in recent years. Internal auditor can prevent fraud by checking the internal control system of a company regularly, checking all the departments of the company. Again, corporate governance can help prevent frauds in a company.