Fake omega



By Glen Talbot(CA) SA and Terrance Booysen and peer reviewed by Jené Palmer CA(SA)

People who occupy positions of authority include not only executive and non-executive directors of the board, but also managers who have the means of influencing or causing material changes in the organisation.  The latter, according to the South African Companies Act of 2008, are known as ‘prescribed officers’ and together with the organisation’s directors and internal auditors, can all be held liable for not ensuring that the interests of the organisation are being adequately served and protected.

It is therefore concerning that when the board or internal auditors are asked to comment on whether the organisation has a governance framework in place and to describe how this system serves the organisation, the answers are as numerous and varied as the number of individuals being asked.

Perceptions of what constitutes a governance framework vary across organisations and generally include -- as examples -- the organisation’s organogram, or the organisation’s delegations of authority, and most often the organisation’s obligations to a code of governance, generally under the custodianship of its Company Secretariat or legal department.  Rarely does it include a response where the board -- including the executive and internal audit -- describe their governance framework as a daily control system for keeping their finger on the pulse of the organisation to mitigate unwanted risks across all the dimensions of the business.

Corporate Governance Framework®

Not only is there a limited and narrow view of what GRC (governance, risk and compliance) matters should be tracked to ensure the organisation is being protected from harm, these groups of people, including the organisation’s prescribed officers, all appear to function with a different perspective of GRC, and its relevance to a governance framework.  They tend to lack a common GRC understanding and even a common GRC language which in turn leads to misaligned expectations, often resulting in unintended consequences.  Rather bizarrely, the governance framework which is meant to create common ground and provide assurance that proper systems and controls are in place at all levels within the organisation, is most often missing.

Given the countless failures of governance in organsations across the world, it begs the question regarding the current role of internal audit and their purpose in the organisation’s risk management and related processes.  If there is no GRC consensus across the people in positions of authority, nor proper (effective and efficient) systems and controls in place, it stands to reason that the primary functions of internal audit have not had the desired effect.  Moreover, internal auditors have tended to be narrowly focused on value preservation with a strict ‘control-mindset’, and arguably have not fulfilled their role -- whilst remaining objective in their functions --to act as contributors toward value creation within the business.

Internal auditors are increasingly being expected to broaden their strict ‘compliance role’ and to also focus on other governance elements.  Studies performed by the auditing profession support the view that the board, senior organisational leaders, regulators and key outside stakeholders now expect internal auditors to play a more meaningful role in matters such as strategic planning, raising capital, mergers and acquisitions, as well as operational growth initiatives.

In a PwC survey conducted globally amongst 1,600 Chief Audit Executives (CAEs) and their key stakeholders, fifty-four (54) percent of the stakeholders believe internal audit has increased their value, this being an improvement upon previous years.  Interestingly however, sixty-two (62) percent of stakeholders still expect more value from their internal auditors.

“Traditionally, internal audit has been reactionary, but that approach is changing.  Our value to an organization depends on furthering this change in course.”

Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, Global President and Chief Executive Officer of the Institute of Internal Auditors (2014)

Since the writing of the last two King Reports on Corporate Governance in South Africa, produced in 2009 (King III™) and 2016 (King IV™), these codes have received significant attention locally and abroad and have also been referenced in case law in some jurisdictions.  Both codes make reference to the importance for organisations to implement a governance framework as a GRC mechanism to assist the organisational leaders to direct and control their businesses.  Considering the broad scope of a robust Corporate Governance Framework®, this presents a perfect opportunity for internal auditors to expand their remit to meet expectations to deliver more value.

There is much debate about how the role of internal audit should change so as to underpin confidence in an organisation’s financial and non-financial information.  Expectedly, the role should evolve to include the implementation, management and monitoring of an organisation’s Corporate Governance Framework®.  The internal audit function should test the veracity of the organisation’s GRC reporting by scrutinising and assessing corroborating evidence.  In this way, internal audit will be able to strengthen the organisation’s combined assurance processes and provide greater comfort to the organisation’s stakeholders regarding the validity of management’s GRC health claims.

Having experienced the business impacts of Covid-19, the world has largely agreed that business is no longer “business as usual”, and the role of internal audit will probably never be the same again.  The typical reactive approach to risk management will need to evolve into a proactive approach, where internal auditors understand their value within the broader combined assurance model.  The required skill sets for internal audit and the CAE will need to evolve rapidly to include a greater understanding of the business drivers, business volatility and the impacts of current decisions on future prospects that affect the long-term viability of the organisation.


Words: 896

For further information contact:

Glen Talbot (CGF Lead Independent Consultant) - Cell: 082 545 4425 / E-mail: gtalbot@cgf.co.za

Terrance Booysen (CGF: Chief Executive Officer) - Cell: 082 373 2249 / E-mail: tbooysen@cgf.co.za

Jené Palmer (Lead Independent Consultant) - Cell: 082 903 6757 / E-mail: jpalmer@cgf.co.za

CGF Research Institute (Pty) Ltd - Tel: +27 (0)11 476 8264 / Web: www.cgfresearch.co.za


Follow CGF on Twitter: @CGFResearch

Click below to

Attached Files

Comments are closed.

Showing 0 Comment