Internal audit effectiveness at governmental authorities, agencies and companies : a study

Abstract

Purpose: The study was carried out by analysing the governance structure as well as the risk management and control function of the governmental organisations.

Design: A predominantly qualitative mixed methodology was adopted in order to achieve the objectives of the research study. A total of 18 semi-structured interviews with internal auditors and audit committee members were carried out. Additionally, a questionnaire was handed out to all governmental authorities, agencies and companies.

Findings: When assessing the governance structures of governmental organisations this study found that a slight majority of organisations have a separation of the roles of the chairman and the CEO. With regards to the size and structure of the board, the majority of government organisations have a board which is entirely composed of non-executive directors. The presence of an internal auditor and audit committee was found in 9 out of 17 governmental organisations, while the majority of organisations did not have external members but only members of the BoD sitting on the audit committee. Furthermore, various interviewees agreed that the internal auditor is still seen as a corporate cop. With respect to the risk management and control function, the majority of the interviewees remarked that the internal audit plan is based on a risk based approach. Moreover, only one entity had an internal auditor who is a Certified Internal Auditor (CIA). Finally, all interviewees remarked that they did not conduct any internal or external quality assurance at their organisation.

Conclusion: The study concludes that improvements are still required for governmental organisations in order to have an effective and strong internal audit function. For example, items such as a corporate governance policy manual, a risk appetite statement, and an internal controls policy manual were still generally lacking in governmental organisations.

Value: It is hoped that this study will contribute towards fostering more awareness regarding the benefits of the internal audit function, especially in governmental organisations. Hence, if governmental organisations really want the internal audit function to be a tool for good corporate governance, risk management and control, they must make serious effort to ensure that their internal audit function is in line with the Institute of Internal Auditors’ standards.