TIAPS Module 1 Audit and Assurance workbook
VI. VII. Managing risks and performance through robust internal control and strong public financial management. Implementing good practices in transparency, reporting, and audit, to deliver effective accountability. 12 Principles A and B are at the core of public sector entities and ensure they operate in the public interest. The other principles define the requirements for effective governance, working together as a plan-do-check-act cycle (also known as PDCA). A.3.4 King IV Corporate Governance Report, 2016 The King IV Corporate Governance Report 2016 incorporates a governance code for South Africa. However, it is widely regarded as a leading global standard for governance for all sectors. The report defines corporate governance as “the exercise of ethical and effective leadership by a governing body towards the achievement of the following governance outcomes: ethical culture, good performance, effective control, and legitimacy.” This balance between integrity and effectiveness is a key feature. Doing good and doing well are regarded as complementary rather than being in opposition. The report sets four key responsibilities for the board: • Steering and setting strategic direction. • Approving policy and planning. • Ensuring accountability. • Overseeing and monitoring. These are defined in more detail through 17 principles. These become the basis for assessing the quality of governance. Since the model applies to all organizations, there is a need to “adopt and adapt” according to size and other organizational needs. 1. Lead ethically and effectively. 2. Govern the ethics of the organization in a way that supports the establishment of an ethical culture. 3. Ensure that the organization is and is seen to be a responsible corporate citizen. 4. Appreciate that the organization’s core purpose, its risks and opportunities, strategy, business model, performance, and sustainable development are all inseparable elements of the value creation process. 5. Ensure that reports issued by the organization enable stakeholders to make informed assessments of the organization’s performance and its short, medium, and long-term prospects. 6. Serve as the focal point and custodian of corporate governance in the organization. 7. Comprise the appropriate balance of knowledge, skills, experience, diversity, and independence for it to discharge its governance role and responsibilities objectively and effectively. 12 International Framework: Good Governance in the Public Sector, CIPFA, 2014 20
8. Ensure that its arrangements for delegation within its own structures promote independent judgement, and assist with the balance of power and the effective discharge of its duties. 9. Ensure that the evaluation of its own performance and that of its committees, its chair, and its individual members support continued improvement in its performance and effectiveness. 10. Ensure that the appointment of, and delegation to, management contribute to role clarity and the effective exercise of authority and responsibilities. 11. Govern risk in a way that supports the organization in setting and achieving its strategic objectives. 12. Govern technology and information in a way that supports the organization setting and achieving its strategic objectives. 13. Govern compliance with applicable laws and adopted, non-binding rules, codes, and standards in a way that supports the organization being ethical and a good corporate citizen. 14. Ensure that the organization remunerates fairly, responsibly, and transparently so as to promote the achievement of strategic objectives and positive outcomes in the short, medium, and long term. 15. Ensure that assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decisionmaking and of the organization’s external reports. 16. Adopt a stakeholder-inclusive approach that balances the needs, interests, and expectations of material stakeholders over time. 17. [For institutional investor organizations] Ensure that responsible investment is practiced by the organization and the creation of value by the companies in which it invests. 13 In addition to these principles, the report includes recommended practices. For principle 15, this includes a role for the audit committee and a separation of roles consistent with the Three Lines Model (although King IV advocates for five lines of assurance, adding external audit and the board as lines four and five respectively). Additionally, the report recommends internal audit makes an annual statement on the effectiveness of governance and risk management processes. This reflects the requirements of the IPPF (Standard 2100 – Nature of Work): The internal audit activity must evaluate and contribute to the improvement of the organization’s governance, risk management, and control processes using a systematic, disciplined, and risk-based approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact. 14 However, the requirement for annual reporting goes beyond Standard 2060 – Reporting to Senior Management and the Board by which the CAE must report “periodically.” (Internal audit opinions are discussed in more detail in C.1.5) 13 “Report on Corporate Governance for South Africa,” King IV, 2016. 14 The International Professional Practice Framework, The Institute of Internal Auditors, 2016 21
- Page 1 and 2: Module 1: Audit and Assurance TIAPS
- Page 3 and 4: Table of Contents Module 1: Audit a
- Page 5 and 6: Relevant Standards Reference is mad
- Page 7 and 8: • Close scrutiny. The activities
- Page 9 and 10: A.2 Public Sector Governance IIA In
- Page 11 and 12: The need for governance arises for
- Page 13 and 14: Although developed for government a
- Page 15 and 16: A.3 Governance Models When evaluati
- Page 17 and 18: defensive aspects to minimize negat
- Page 19: A.3.3 CIPFA International Framework
- Page 23 and 24: • Consideration of overlapping in
- Page 25 and 26: A.3: Reflection Which model or mod
- Page 27 and 28: Although they are related, the prin
- Page 29 and 30: B.1.1 Independence, Objectivity, an
- Page 31 and 32: B.1: Reflection Is it possible to
- Page 33 and 34: According to The IIA Position Paper
- Page 35 and 36: B.2: Reflection When was the last t
- Page 37 and 38: When independence or objectivity ar
- Page 39 and 40: B.4 Safeguards for Independence and
- Page 41 and 42: In other cases, there is no audit c
- Page 43 and 44: C. Assurance and Advisory Engagemen
- Page 45 and 46: It is common to build an allowance
- Page 47 and 48: The following list is taken from Sa
- Page 49 and 50: helping managers developing control
- Page 51 and 52: C.1.5 Internal Audit Opinions Audit
- Page 53 and 54: Leadership and Communication Intern
- Page 55 and 56: C.2 Auditing Governance The IIA Sup
- Page 57 and 58: C.2: Reflection How does your inter
- Page 59 and 60: Fraud may be perpetrated via measur
- Page 61 and 62: circumstances (unethical and often
- Page 63 and 64: Management Issues • Lack of area
- Page 65 and 66: Risk management techniques can be a
- Page 67 and 68: IT controls may be manual, automate
- Page 69 and 70: The IIA’s Cybersecurity Toolkit d
VI.<br />
VII.<br />
Managing risks <strong>and</strong> performance through robust internal control <strong>and</strong> strong public<br />
financial management.<br />
Implementing good practices in transparency, reporting, <strong>and</strong> audit, to deliver<br />
effective accountability. 12<br />
Principles A <strong>and</strong> B are at the core of public sector entities <strong>and</strong> ensure they operate in the<br />
public interest. The other principles define the requirements for effective governance,<br />
working together as a plan-do-check-act cycle (also known as PDCA).<br />
A.3.4 King IV Corporate Governance Report, 2016<br />
The King IV Corporate Governance Report 2016 incorporates a governance code for South<br />
Africa. However, it is widely regarded as a leading global st<strong>and</strong>ard for governance for all<br />
sectors. The report defines corporate governance as “the exercise of ethical <strong>and</strong> effective<br />
leadership by a governing body towards the achievement of the<br />
following governance outcomes: ethical culture, good performance, effective control, <strong>and</strong><br />
legitimacy.” This balance between integrity <strong>and</strong> effectiveness is a key feature. Doing good<br />
<strong>and</strong> doing well are regarded as complementary rather than being in opposition.<br />
The report sets four key responsibilities for the board:<br />
• Steering <strong>and</strong> setting strategic direction.<br />
• Approving policy <strong>and</strong> planning.<br />
• Ensuring accountability.<br />
• Overseeing <strong>and</strong> monitoring.<br />
These are defined in more detail through 17 principles. These become the basis for<br />
assessing the quality of governance. Since the model applies to all organizations, there is a<br />
need to “adopt <strong>and</strong> adapt” according to size <strong>and</strong> other organizational needs.<br />
1. Lead ethically <strong>and</strong> effectively.<br />
2. Govern the ethics of the organization in a way that supports the establishment of an<br />
ethical culture.<br />
3. Ensure that the organization is <strong>and</strong> is seen to be a responsible corporate citizen.<br />
4. Appreciate that the organization’s core purpose, its risks <strong>and</strong> opportunities, strategy,<br />
business model, performance, <strong>and</strong> sustainable development are all inseparable<br />
elements of the value creation process.<br />
5. Ensure that reports issued by the organization enable stakeholders to make informed<br />
assessments of the organization’s performance <strong>and</strong> its short, medium, <strong>and</strong> long-term<br />
prospects.<br />
6. Serve as the focal point <strong>and</strong> custodian of corporate governance in the organization.<br />
7. Comprise the appropriate balance of knowledge, skills, experience, diversity, <strong>and</strong><br />
independence for it to discharge its governance role <strong>and</strong> responsibilities objectively<br />
<strong>and</strong> effectively.<br />
12<br />
International Framework: Good Governance in the Public Sector, CIPFA, 2014<br />
20