Governance Audit is broad based, traversing the structural and functional areas of the Organization under consideration and varying from organization to organization. Governance Audit examines the existence and effectiveness of governance instruments, policies, structures, systems and practices in an organization within the legal and regulatory framework and in accordance with best governance practices. It is an assessment of the practice of governance as envisaged under the following parameters:
a) Ethical Leadership and strategic management;
b) Transparency and disclosure;
c) Compliance with laws and regulations;
d) Communication with stakeholders;
e) Board independence and governance;
f) Board policies, systems, practices and procedures;
g) Consistent shareholder and stakeholder value enhancement;
h) Corporate social responsibility and investment; and
i) Sustainability.
Enhancing Governance Audit Effectiveness
Governance Audit effectiveness is enhanced by:
a) Proper planning and preparation by all parties.
b) Common understanding of the Governance Audit tools and checklists.
c) Use of structured simple open ended questionnaires.
d) Use of appropriate communication and feedback channels.
e) Effective management of logistics by all parties.
f) Compliance by all parties with the requirements of the Governance Audit.
g) Teamwork.
h) Provision and collection of accurate and complete data and information.
i) Proper time management.
j) Being diligent in data and information dissemination.
k) Use good interviewing and listening skills.
l) Effective data and information capture and analysis.
m) Projection of professional image.
n) Observance of the laid down protocols.
o) Open and continuous communication between the Governance Auditors and the organization.
Selection of a Governance Audit Approach
The overall Governance Audit approach is a central element of any Governance Audit. It determines the nature of the examination to be made and defines necessary knowledge, information, data, Governance Audit procedures and analysis required.
Auditing generally follows one of three approaches:
a) a system-oriented approach, which examines the proper functioning of management systems, e.g. governance management systems;
b) a result-oriented approach, which assesses whether outcome or output objectives have been achieved as intended or programmes and services are operating as intended; and
c) a problem-oriented approach, which examines, verifies and analyses the causes of particular problems or deviations from criteria.
Selection of the approach also determines the methods and means used for conducting the audit. Some of the methods which could be used in conducting audits include: surveys, analysis of procedures, use of existing data, analysis of results, etc.
Governance Audit Cycle.
The process of Governance Audit can be summarized by the following cycle.
Figure 1.0 The Governance Audit Cycle
Governance Audit Engagement
The engagement of a Governance Auditor shall be in accordance with the Governance Audit Guidelines (GAG) on Appointment of Governance Auditors.
Management Representation
a) The Governance Auditor shall obtain written representations from Management on matters material to the governance report when other sufficient Governance Audit evidence does not exist. The written representation shall include:
(i) Management’s responsibility for the design and implementation of governance practices and governance control systems; and
(ii) Where Management is of the view that the effect of those uncorrected governance self-assessment reports and misrepresentations noted by the Governance Auditor during the Governance Audit are immaterial.
b) Where representations relate to matters that are material to the governance self-assessment report, the Governance Auditor shall:
(i) Seek corroborative Governance Audit evidence from sources inside or outside the organization;
(ii) Evaluate the reasonableness of Management representations and consistency with other Governance Audit evidence; and
(iii) Consider whether the individuals making the representations are knowledgeable on those particular matters.
c) Where Management representations are contradicted by other Governance Audit evidence, the governance auditor shall investigate the circumstances and, if need be, reconsider the reliability of other representations made by Management.
d) Management’s representations shall be in writing to reduce the possibility of misunderstandings between the Governance Auditor and Management.
e) Where Management refuses to provide a representation then this constitutes a limitation in scope and consideration shall be given to expressing a qualified opinion or a disclaimer of opinion.
Self-Assessment
An Organization shall conduct a self-assessment based on the Self-Assessment Tool as issued by the Institute
Governance Self-Assessment Report
Governance Self-Assessment Report is a structured representation of the practice of governance as prepared by Management of an organization based on the self-assessment tool provided by the Institute. The Governance Self-Assessment Report includes accompanying notes and evidence derived from governance records and intended to communicate an Organization’s governance status and compliance obligations at a point in time in accordance with a Governance Reporting Framework.
a) Based on the results of the self-assessment, the Organization shall prepare a Self-Assessment Report highlighting the general status in the practice of governance by the Organization, areas which have been fully complied with, areas which have been partially complied with and areas of non-compliance. Management shall also indicate the reason of such partial or non-compliance and provide a compliance plan. In addition to the structure provided for in the self-assessment tool, the Organization shall disclose in its Self-Assessment Report the compliance status on any other industry specific obligations.
b) The Self-Assessment Report and the fully completed self-assessment tool shall be tabled before the Board for consideration, adoption and formal approval for signing and submission to the Governance Auditor.
c) The approved Self-Assessment Report and the self-assessment tools shall be signed by a Board member or CEO and the Secretary.
d) The Secretary to the Board and other officers responsible for governance shall attend training on the self-assessment process and their responsibilities in the Governance Audit process.
e) The supporting documents that shall accompany the Self-Assessment Tool and the self-assessment report may include: Audited accounts of the last three years; Minutes of the last three Board Meetings; Written policy for induction of Independent Directors; Code of Corporate Governance; Human Resources Policy for recruitment, training, remuneration and staff welfare, made known to its employees; Whistle Blower Policy; Policy for Succession planning at senior levels of management just below the Board Level; Appraisal policy for reviewing effectiveness of the Board of Directors; Corporate Disclosure Policy; Policy of ESOPs (where applicable); Policy on Corporate Social Responsibility; Carbon emission control document;(where application) Creativity and innovations policies; Corporate Strategy; and other relevant industry specific governance documents.
Desk Review and Field Work
a) After receiving the signed Self-Assessment Report, signed self-assessment tool, accompanying evidence and relevant documents, the Governance Auditor shall conduct a desk review of the Organization’s governance policies and practices. The purpose of the desk review exercise is to ascertain the accuracy of the self-assessment report and the completed Self-Assessment Tool against evidence and documents provided.
b) For purposes of gathering further evidence, the Governance Auditor shall schedule site visits to the organization. The purpose of site visits is to seek further evidence and clarification on the contents of the completed Self-Assessment Tool and Governance the Self-Assessment Report. The visits will also enable the Governance Auditor to meet with persons charged with the responsibility for governance in the organization including the Board, Internal Audit Committee, Chief Executive Officer, Certified Secretary, Internal Auditor, and members of Senior Management.
Management Letter
a) The purpose of a Management Letter is to communicate key internal governance control systems and other issues that may have been noted in the course of the Governance Audit.
b) The Management Letter also provides advice to Management on how to govern the organization more effectively.
c) While preparing the Management Letter, the Governance Auditor shall comply with the prescribed format of Management Letter.
d) The Management Letter shall highlight:
(i) Deficiencies in the governance and compliance systems and records;
(ii) Deficiencies in the design or implementation of internal governance control;
(iii) Areas where efficiency in management could be improved;
(iv) Inadequate policies, practices, systems and procedures;
(v) Non-compliance with legal, regulatory and governance framework;
(vi) Difficult areas for verification, due to absence of relevant evidence documents;
(vii) Points outstanding from previous Management Letters; and
(viii) Other matters affecting the conduct of the Governance Audit.
Governance Audit Report
a) Governance Audit Report is an independent opinion by a Governance Auditor on the appropriateness, adequacy and effectiveness of governance practices of an organization based on available evidence.
b) Based on the evidence gathered from Governance Self-Assessment Report, site visits completed Governance Audit Tool and Management Responses to the Management Letter, the Governance Auditor shall prepare a Governance Audit Report setting out his opinion on the status of governance practice and compliance of the Organization.
c) In preparing the Governance Audit Report, the Governance Auditor shall comply with the prescribed format of Governance Audit Report.
Communication of Governance Audit Matters
The Governance Auditor shall communicate to the Organization matters of governance interest that arise from the Governance Audit as below:
a) Matters of governance interest
These are matters that arise from the Governance Audit and in the opinion of the Governance Auditor, are both important and relevant to persons charged with governance and compliance.
b) Relevant Persons
Governance Auditor shall consider the legal responsibilities of the persons to whom Governance Audit matters of interest shall be communicated as follows:
(i) Where the matter is of importance, it shall be communicated to the Board;
(ii) In other cases, the Governance Auditor may communicate the matter to the committee responsible for governance;
(iii) Where the governance structure is not well defined or persons charged with governance are not clearly identified by the client or by legislation, the Governance Auditor shall agree with the Organization, on the persons to whom Governance Audit matters shall be communicated.
c) Matters of governance to be communicated
Below is a list of matters that shall ordinarily be communicated to persons charged with governance of the organization:
(i) The general approach and the overall scope of the Governance Audit;
(ii) Non-compliance with laws or regulations;
(iii) Material weaknesses in internal controls related to the prevention and detection of fraud and error, questions regarding management integrity and fraud; and
(iv) Any other requirements specifically agreed upon in terms of Governance Audit engagement.
d) Timing and Forms of Communication
(i) Matters of governance interest shall be communicated in writing in a timely manner.
(ii) The Organizations shall be given an opportunity to comment on the Governance Audit findings, conclusions and recommendations before the Governance auditor issues the Governance Audit report.
(iii) Any disagreements shall be analyzed and factual errors corrected.
(iv) The review of Management responses shall be recorded in working papers.
Governance Audit Requirements
The objective of a Governance Auditor s Report is inform the stakeholders on the governance and compliance status of the Organization. A Governance Auditor is expected to have the following:
Knowledge
The Governance Auditor shall have knowledge of the client business, legal, regulatory and industry environment.
Team
The Governance Auditor shall ensure that there is an engagement team with appropriately skills to support the Governance Audit assignment.
Documentation and Backup
The Governance Auditor shall develop a manual and checklists for use in the evaluation process and shall keep proper records of documents checked in the course of the Governance Audit.
Third Party Supporting Evidence
The Governance Auditor shall confirm any filings and returns made by the Organization to regulators, oversight bodies and other authorities independently. Verification and enquiries may be made with the other statutory bodies, internal auditors, consultants and independent Board Members.
Time Lines
The Governance Auditor shall adhere to the schedule set to conduct the Governance Audit assignment.
Independence
A Governance Auditor shall observe his professional duty to provide an objective view and shall be independent from the Organization being audited.
Working Papers
The Governance Auditor shall maintain a diary and working papers, supporting documents, observations, Management explanations and the basis for his conclusions. These documents will serve as Governance Audit evidence in the Governance Auditor’s defense against possible allegation of misconduct, in case of any enquiry or questions from regulators or oversight bodies and during the peer review.