The need to preserve organisations and entities is more important than ever.
The past few years have brought along many challenges, such as the unforeseen and unpredictable disruption of the Covid-19 global pandemic, changing the way we work, live, and interact. Most recently, South Africa’s had to endure load shedding, along with many other governance challenges that could seek to be solved by the audit function.
Due to the implementation of load shedding and escalating governance issues in the public sector, our current environment is chaotic. The need to preserve organisations and entities is more important than ever, and the key is to apply good governance principles and maintain governance structures to strengthen our institutions.
There is a dire need to enhance corporate governance to inform new avenues for value creation, innovation, and a path forward that is both viable and beneficial.
Internal auditing remains pivotal to governance. Internal audit is well placed to complete the assurance reality check. It not only assesses the quality of assurance provided but examines the relevance to the management or governance committee. Internal audit could be the key to preventing corruption and fraud in private and public organisations.
It has traditionally been seen as a monitoring function for businesses and tolerated as a required element of organisational management but considered an obligation to the accomplishment of significant corporate objectives. Its role is to essentially offer value to an organisation.
There are still many challenges faced particularly in the leadership space in our country where more is needed to advocate good governance practices. Professionals in the governance, accounting and auditing sectors have a key role in promoting good governance principles, which lead to improving the productivity of organisations as well as increasing the adoption rate of governance principles throughout South Africa’s economic structures.
The Internal Auditors Corporate Governance Index (CGI) is viewed as a barometer to measure the state of governance in organisations by rating seven governance dimensions, namely,Ethics, Compliance, Leadership, Performance, Operational Risk, External Risk, and Assurance. Its role is to recommend improvements needed to enable organisations to remain reputable and ethical in the eyes of stakeholders. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
According to CGI South Africa’s overall score has increased by 10 basis points since 2020. However, the 3.2 rating out of 4 for the first CGI report in 2013 has still not been attainable to date. The report which is based on public sector respondents also showed improved results in the Agriculture, Defence, Mining, Wholesale and Retail sectors.
Once the surveying function is complete, the report information undergoes validation and analysis by the Department of Auditing at the University of Pretoria. This is to ensure that the survey questions are aligned with the King IV Codes of Good Governance and span seven governance dimensions, including Ethics, Compliance, Leadership, Performance, External Risk, Operational Risk, and Assurance.
These dimensions are then rated on a scale from 0 to 4, with 0 indicating the lowest and 4 indicating the highest level of governance performance. The survey questions are answered by the Chief Audit Executives, who are in the best position to provide a comprehensive overview of the organization's corporate governance practices.
The particular report found that these sectors have improved governance ratings in ethics, leadership, risk, and performance in 2022, wherein previous years were rated much lower. A further decrease could mean a state of emergency and will require a more detailed and long-term response.
The pandemic spearheaded the global adoption of digital technology, resulting in the introduction of new regulations, standards, and laws. It also brought significant changes to the way we work, including the prompt implementation of hybrid policies. Some of these changes contributed to unethical practices, online crime, business closures, and an increase in unemployment. However it also played a part in assisting the embrace of technological advances to improve overall performance in 2020 - 2022.
The report also identified the top three emerging risks for organisations are cybersecurity, political interference, and fraud. The threat from cyberattacks is significant and continuously evolving. Internal audit plays an integral role in assessing and identifying opportunities to strengthen enterprise security. ICT should be on the agenda of oversight bodies, and members of oversight bodies should familiarise themselves with the key ICT trends affecting their industries to ensure that they ask the right questions of management.
Examples of cybersecurity issues that concern public sector internal auditors include ransomware, phishing, and hacking. All of these can interfere with an organisation’s ability to function for its constituents and put it at risk of using public funds to pay hackers.
Local governmental bodies and agencies receive vast quantities of heavily regulated personal and other sensitive data, from both employees and constituents, including personal identifiable information and credit or bank card information. Security surrounding data is a significant risk, as public bodies are targets for data breaches and ransomware. Organisations also face reputational damage and a loss of trust if they do not properly protect the data they store.
Internal Auditors have the advantage to defend against fraud and provide foresight when it comes to risk identification. As organisations are adjusting to deal with operational risk, such as a volatile business environment, supply chain disruptions, talent shortages, and a rise in cyberattacks, to name a few, it leaves them vulnerable to fraudsters seeking to take advantage of the situation using increasingly sophisticated technology tools to carry out their crimes.
Organisations are becoming more vulnerable to fraudsters looking to exploit the situation by using increasingly sophisticated technology tools to commit their crimes as a result of how they are adjusting to deal with operational risk, such as a volatile business environment, supply chain disruptions, talent shortages, and an increase in cyberattacks, to name a few.
Audit teams can be proactive in their defence of risk detection by thinking about:
- Conducting regular fraud risk assessments.
- Anticipate fraud.
- Raise awareness in audit reports to governing bodies and senior management.
- Be prepared for scrutiny and accountability.
The CGI shows that ethics is another area of focus that has seen improvements over the years, however there are still challenges faced particularly in the political leadership space, where more is needed to advocate good governance practices. Organisations with effective ethical practices increase the adoption rate of governance principles internally and make a small contribution to South Africa’s economic structures.
It is crucial to remember that ethics include actions such as the misuse of power, manipulation of others, destroying the environment, making poor judgments for stakeholders, engaging in discrimination, etc. Therefore, leaders cannot afford to believe that their work is done after setting the tone. Setting the tone entails acting in a visible way and putting policies in place to make sure that the tone permeates the entire organisation.
It is important that leaders have a thorough understanding of the environment in which they work and take ethics into account holistically. The diversity that South African organisations have affords executives the chance to hold in-depth discussions about ethics while taking a wide range of viewpoints into account.
Globally and locally, there is an emphasis on training and development for internal auditors to gear up for a future-fit role in organisations. The Institute of Internal Auditors South Africa (IISA) has particularly focused its continual development programmes and events around having a future fit internal auditor, looking specifically at the technological and digital needs of organisations for the future.
The CGI report continues to give the profession enough insights into the future. The report outcomes also serve to direct the auditors to ensure that they stay ahead of the curve and in the know of new digital trends. This means that time should be utilised effectively between tangible objective assurance tasks and continual professional development to meet the varying expectations of key stakeholders.