How does IA help in protecting shareholders’ investment and enhancing shareholder value?

Date: April 21, 2016

Untitled Document

As boards of directors are responsible for providing the direction for organizations, they must make decisions objectively and act in the best interest of the organizations, and be honest and diligent in carrying out their duties. They play a key role in business operations, providing oversight and support for corporate strategy. The board and management must ensure that all strategic initiatives are designed to enhance shareholder value. A director owes his duties to the shareholders to act in their best interests.

With shareholder value being the value enjoyed by a shareholder through the possession of shares of a
company, a shareholder would desire to have the company delivering more to him. It is also one of the
most important objectives of companies to enhance shareholder value. The average shareholder, who is
typically not involved in the day-to-day operations of the company, relies on the board of directors,
management and the company’s employees to protect and further his or her interests.

With the goal of businesses to increase shareholder value, it means that to increase the value delivered
to shareholders because of the organization’s ability to grow earning, dividends and share prices. To
safeguard shareholders’ interest and the company’s assets, the board should ensure that management
maintains an adequate and effective system of risk management and internal controls. A robust
governance structure will help boards to function effectively by instilling confidence in shareholder that
the company is well governed. The board, with the concurrence of the audit committee, is required to
provide an opinion on the adequacy of the internal controls, addressing financial, operational and
compliance risks.

With the business environment changing rapidly, the role of the director has to take on the challenge of
economic uncertainty, more complex organizations, increased changes in regulatory environment, and
fast changing technological environment. The internal audit function assists the board’s Audit
Committee in promoting a sound system of internal controls and good corporate governance in the
organization. Using a risk-based methodology, the internal auditors perform periodic audits to assess the effectiveness of the organization’s internal controls in addressing financial, operational and
compliance risks, as well as its information technology controls and risk management system. The
internal audit function is responsible for assessing whether existing policies, processes and internal
controls (including risk management, compliance and corporate governance processes) are
independent, effective, appropriate, and remain sufficient for the organization. The new and
generalized mission statement of internal auditor is “to enhance and protect organizational value by
providing risk-based and objective assurance, advice, and insight.”

With the unique position of IA in an organization, internal auditors possess a good and objective
understanding of the culture, system of internal control, operations, and industry. Internal audit’s role
with its knowledge of the organization’s key risks, and its enterprise-wide view enables it to contribute
important perspectives to the organization. The internal audit’s role is pivotal in providing independent,
objective assurance to the board or the audit committee on the performance of the organization. The
audit committee should rely upon them for assurance about the organization’s control environment and
processes. This includes the significant control process issues, potential improvements, and actions
implemented to resolve; as well as the overall adequacy of internal controls.

It is stated in the Singapore Code of Corporate Governance 2012 (Principle 13) that a company should
establish an effective internal audit function that is adequately resourced and independent of the
activities it audits. The internal auditor’s role is pivotal in providing independent, objective assurance
and consulting activities to the Board or the Audit Committee designed to improve the company’s
operations. It should be the major source of information to the Audit Committee on the performance of
the entity. In October 2015, the Singapore Exchange announced that it would review the annual reports
of listed companies to ensure their compliance with the Singapore Code of Corporate Governance. SGX
Chief Regulatory Officer shared that there is a misconception that the CG Code is optional, the review is
to determine how listed companies comply with the CG Code.

In the past decades, we have seen financial instability and corporate failures that have resulted in
significant losses of shareholder value in the United States, Europe, and Asia. In some cases, scandals
have caused organization to have even ceased to operate like the Barings Bank. These incidents were seen primarily as failures of management integrity, risk management, and governance. With confidence
being undermined, greater importance has been placed on corporate governance. It would appear that
an organization’s commitment to good governance falls short when there is no internal audit. In an
organization with no internal audit function, one may ask the question that which function is able to
provide independent and objective assurance and insight to the board of directors.

The Institute of Internal Auditors (IIA) formally recommended to the U.S. Securities and Exchange
Commission (SEC) that all publicly traded companies to be required to have an internal audit function.
The IIA’s letter to the SEC outlines the case for internal audit to serve as a foundation for — if not a
catalyst to — restoring investor confidence. The presence of an effective internal audit function signals
unequivocally management’s and the board’s support of strong and effective risk management, internal
control, and governance.

Effective internal controls help an organization protect and enhance shareholders’ value and reduce the
possibility of unexpected losses or damage to its reputation. Internal controls are the policies,
procedures and processes established by the Board of Directors and senior management to provide
reasonable assurance on the safety, effectiveness and efficiency of the organisation’s operations, the
reliability of financial and managerial reporting and compliance with regulatory requirements. Fraud can
destroy an investor’s confidence and also destroy shareholder value. The discovery of fraud in a
company’s is likely to cause numerous impacts, not only leading to unwanted media attention but also
devastating a company’s reputation.

Forward-thinking organizations do not view internal controls as a cost of doing business, but rather as a
strategic investment critical to business resilience, efficiency and success. With organizations being
forward-looking and sensitive to strategic opportunities, led by forward-looking board of directors and a
team of competent senior management and staff, at the same time, supported by an internal audit
function will enhance the shareholder’s value, meeting the objective of the existence of the

Contributed by: Ms Tan Boon Yen, President, IIA Singapore