KUALA LUMPUR: Internal auditors’ role in companies are challenged when shareholders or owners treat their recommendations or statements as “noises”, instead of recognising them as a partner in enhancing good governance practices, said the Institute of Internal Auditors (IIA) Malaysia.
“There have actually been studies indicating that better governance translates into better shareholders premium.
“If you look at the share price of some multinationals in overseas countries, the fact their share price has seen a steady growth is due to governance being in place,” said IIA Malaysia vice-president Mohd Khaidzir Shahari in a recent interview with The Edge Financial Daily.
He stressed that there is no grey area when it comes to the role internal auditors have to play in keeping a company on the straight and narrow.
“A robust internal audit plan is one that encompasses the areas of governance, risks and controls (GRC), three key elements to ensuring a company’s [performance] is sustainable.
“If GRC is covered, there should not be any grey areas to the internal audit function, unless the areas touching on governance, which involves the board of directors, is influenced by the audit committee. In that sense, a weak internal auditor can be associated with a weak audit committee,” said Mohd Khaidzir.
The other challenge for internal auditors is overcoming the perception that they are just there as “gatekeepers”.
Pigeonholing may seem natural, given that the traditional role of the internal auditor is on compliance, but Mohd Khaidzir said corporations should realise that there is so much more that internal auditors can offer to an organisation, like providing consultation to enhance efficiency.
In the International Professional Practices Framework, which is a conceptual framework that sets out the authoritative guidance promulgated by the IIA, the role of the internal auditor is to provide not just assurance but consulting activities.
The mission is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.
And internal auditors should follow a certain set of guidelines and standards when carrying out their duties, such as the International Standards for the Professional Practice of Internal Auditing (Standards) by IIA, said Mohd Khaidzir.
“One of the requirements of the Standards is for the internal audit function to be reviewed at least once in every five years by an accredited external party.
“However, not many corporations are practicing this as it is not part of the listing rules to have the internal audit function reviewed,” said Mohd Khaidzir.
The recent Proposed Draft of the Malaysian Code on Corporate Governance (CG) 2016, posted on the Securities Commission Malaysia website, cited the IIA’s Standards as an example which the internal audit function could adhere to.
“The proposed draft of the Malaysian CG Code 2016 has opened up a lot of opportunities for the IIA to provide our services.
“For example, there is a requirement in the code for the head of internal audit, or the outsourced internal auditor, to be a member of a professional body and also to have received relevant training for executing the function.
“The IIA could then provide training and continuing professional education hours for internal auditors as well as certification programmes such as Certified Internal Auditor, Certification in Control Self-Assessment and many more,” said Mohd Khaidzir.
IIA Malaysia currently has over 3,000 members. Globally, the institute has about 200,000 members.
On Oct 10 and 11, IIA Malaysia will be organising its 2016 National Conference. Themed “Navigate Waves of The Digital Revolution”, the conference aims to highlight the potential threats and insights of riding the wave of disruptions from this digital age, and give emphasis on good governance and ethical decision making.