Corporate governance: point of view.

• Position: Trends of internal auditing

The recent focus on corporate governance offers internal audit the opportunity to become a more active and strategic team player. It is internal audit's time to be proactive and recognized. Management and boards of directors are looking for greater contributions from the chief audit executive (CAE) and internal auditors. Internal auditors can fulfill the heightened expectations by taking a more holistic view of corporate governance and align internal audit skills and activities to assess, improve and monitor their organizations' corporate governance capabilities. The CAE must understand all the components of corporate governance and where internal audit can support the organization.

Summary

Corporate governance, until fairly recently, was viewed largely as the province of boards of directors and legal compliance officers. That narrow view, however, is fading fast. Good governance is a journey that begins with a broad, organizational perspective. Making steady progress requires committed senior leadership, integrated planning, coordinated execution and constant monitoring.

Monitoring is one area where internal audit can add significant value, and still be true to its mission, objectives and standards. Internal audit's responsibilities are growing due to increased regulatory scrutiny as well as directives from organizational executives to strengthen controls and improve risk management. Increasingly, business leaders expect internal audit to play a more strategic--rather than merely tactical--role in the governance process.

At a high level, corporate governance can be thought to have seven interrelated components: Board of Directors & Committees, Disclosure & Transparency, Business Practices & Ethics, Legal & Regulatory, Risk & Performance Management, Monitoring, and Communication.

Internal audit performs critical roles in all aspects of corporate governance by:

** Supporting the audit committee in fulfilling its heightened responsibilities;

** Participating in the organization's Sarbanes-Oxley Section 302 disclosure committee;

** Reviewing the effectiveness of the organization's code of conduct, ethics policies and whistleblower provisions;

** Helping assess risks and gauge performance across the organization;

** Monitoring corporate governance activities and compliance with the organization's policies; and

** Facilitating and enhancing communications with the chief operating officer, general counsel, chief financial officer, chief information officer and other oversight executives.

The rewards of improved corporate governance are not merely a greater sense of personal accomplishment or of company pride. Researchers at the University of Michigan Business School, along with several other business and academic studies, have found a strong correlation between effective governance and profitable investment opportunities. Internal audit plays a pivotal role in this process by fostering an integrated, well-planned and progressive governance program.

Trends

In the boom times of the 1990s, people's trust in business grew along with rising stock prices. Risks, controls and ethics garnered limited serious interest from much of the media and many investors. Internal audit began to allocate resources based upon risks and gained increased visibility with executives, but staffing levels were relatively constrained and audits often focused on performance improvement opportunities.

Potential impact to stock prices and recent regulations, including emphases on anti-fraud and whistleblower provisions, compel auditors to take a more active role in governance. In 2003, the Securities and Exchange Commission (SEC) approved final versions of revised New York Stock Exchange (NYSE) and Nasdaq requirements. The NYSE now requires that listed companies have an internal audit function.

The Institute of Internal Auditors has clarified roles and responsibilities by affirming the importance of risk management and corporate governance. Internal auditing, according to an institute definition, "... helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes." The Institute's revised International Standards for the Professional Practice of Internal Auditing calls upon internal auditors to evaluate and offer recommendations to improve governance processes.

The need for a broader, more strategic perspective is being reinforced by the Enterprise Risk Management (ERM)--Integrated Framework developed by The Committee of Sponsoring Organizations of the Treadway Commission (COSO). This ERM model, released in September 2004, advises the adoption of a broad portfolio view of managing risk. The framework calls for a comprehensive view of the many factors that may keep companies from achieving their business objectives.

Challenges

Internal audit will always have the challenge of remaining independent and objective, yet being part of the organization. In this age of intense scrutiny over...