GARP[R]: a tool to drive internal auditing.

• Author: Frampton, Joanne
• Position: GARP ARMA INTERNATIONAL

[ILLUSTRATION OMITTED]

The Generally Accepted Recordkeeping Principles[R] (CARP[R]) can be used to drive records and information management (RIM) improvements in all kinds of organizations. When RIM is incorporated into the corporate governance and risk management framework and integrated into the internal audit regime, the CARP[R] methodology can underpin and drive the entire audit process.

Over the last 20 years, there has been significant growth in the importance of corporate governance in the United States and the United Kingdom (UK). This is, most notably, in response to a series of financial scandals and crimes.

These scandals date back to the 1980s in the UK with two high-profile cases, one involving the Bank of Credit and Commerce International and the other involving textile company Polly Peck International. Two of the most notable scandals in the United States' occurred in the 2000s and involved energy company Enron and communications company WorldCom.

These events forced governments in both countries to take positive action, giving rise to the growth of corporate governance.

According to the UK's Cadbury Committee, which was established in 1992 to review this area and make recommendations, corporate governance is "the system by which companies are directed and controlled" and deals with the roles and responsibilities of the organization's board and management with respect to its major stakeholders (i.e., shareholders, employees, and general public).

A direct descendant of Cadbury is the UK Corporate Governance Code (which replaced the Combined Code in May 2010), which sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability, and relations with shareholders. All organizations with a premium listing of equity shares in the UK are required under the listing rules to report in their annual reports and accounts how they have applied the code.

In the United States, the George W. Bush administration's swift response to Enron was the Sarbanes-Oxley Act of 2002, which was expressly designed to increase the financial accountability of senior executives with a threat of utilizing large personal fines and even prison sentences for transgression.

Rise in Corpnrate Governance Spurs Internal Audit

The corporate response to these recommendations and the potential threat of this new legislation was to increase the level of transparency with respect to corporate governance and their financial policies and procedures. This was evidenced by the routine publishing of reports (e.g., the code of business, corporate governance statements, and statement of ethics) and the growth of an internal audit function designed to support the measurement of the grand statements made in these documents.

Of course, the initial focus was on all things financial, but the scope of corporate governance has since expanded to include such areas as environmental credentials, corporate reputation, IT security, and information management.

For example, the international mining firm Rio Tinto's The Way We Work document contains a section on group assets and information management, stating that "All Group records must give a true and fair view of the state of our business affairs...