1

WHAT IS GOVERNANCE?
Governance is the exercise of economic and administrative
authority necessary to manage an entity's affairs.
Governance is concerned with the processes by which decisions are
made and implemented so that the entity's affairs are conducted
properly and in accordance with the laws and other applicable
regulations.
The Organisation for Economic Co-operation and Development OECD! refers
to governance "
'characterised by participation,
transparency, accountability, rule of law,
effectiveness, equity. Good governance
refers to the management of government
[governing body] in a manner that is
essentially free of abuse and corruption,
and with due regard for the rule of law'..
#n business$ the essence of governance relates to the structure
of separation of ownership and management.
#n the agency structure$ members or shareholders! of the
corporation rely on the management agents!.
These agents are the board of directors and managers who conduct the business
on behalf of the members. %hareholders and owners re&uire not only the laws$
but also other means to ensure that the management of the corporation act in the
best interest of the corporation and its shareholders or owners.
Management accept the accountability meau!e
th!ough "hich they #emont!ate the e$ecti%ene o&
thei! pe!&o!mance' Thi i the o!igin o& co!po!ate
go%e!nance'
2
The authority exercised by a governance body is underpinned
by transparency and accountability.
This is the context in which the auditor plays a role.
The independent auditor provides an ob'ective assurance to the truth
and fairness of an 'account' that is prepared by the management and
which represents the way in which the corporation is run.
The independent auditor adds to the credibility of the conduct as
performed by the agent.
This accountability framewor( is part of the bac(bone of governance.
)ccountability is 'explaining or 'ustifng what has been done$ what is
being done and what is planned'.
)ccountability is giving of account$ a reporting of that for which one is
accountable.
Ente!p!ie Go%e!nance( A
)!ame"o!*
Enterprise governance is a framewor( that covers both the corporate governance
regime and the business governance perspectives of an organisation.
the et o& !eponibilitie an# p!actice e+e!cie# by the
boa!# an# e+ecuti%e management "ith goal o& p!o%i#ing
t!ategic #i!ection, enu!ing the ob-ecti%e a!e
achie%e#, ace!taining that !i* a!e
manage# app!op!iately, an# %e!i&ying
that the o!ganiation. !eou!ce a!e
ue# !eponibly'.
The definition assumes the dual role of directors in both monitoring
conformance! and strategy performance!$ and ac(nowledges the inherent
tension between governance and value creation.
3
Enterprise governance is perceived as a model that can be applied to
corporations$ not-for-profit organisations and the public sector.
The conformance aspect$ based mainly on corporate governance best practice$
covers issues such as"
The roles of the chair of the board and top management e.g. the CEO's
responsibility to ensure accountability and independence!
The composition$ s(ills base$ remuneration and training of the board and
its committees
*oles of non-executive directors and audit$ nomination and remuneration
committees
The ade&uacy and reasonableness of compensation schemes for
executives
#nternal control structures$ ris( management and the role of internal audit
+ the financial reporting and disclosure regime
The independence of the audit function and the reporting mechanisms.
4
THE AUDT!" A#D $!%E"#A#&E
Overall Objectives of the Auditor
To obtain reasonable assurance about whether the financial report as
a whole is free from material misstatement$ whether due to fraud or
error$ thereby enabling the auditor to express an opinion on whether
the financial report is prepared$ in all material respects$ in
accordance with an applicable financial reporting framewor(,
To report on the financial report and communicate as re&uired by the
)ustralian )uditing %tandards$ in accordance with the auditor's
findings
)%) -.. states that management and those charged with governance have the
following responsibilities"
/or the preparation of a financial report in accordance with the applicable
financial reporting framewor($ including where relevant$ their fair
presentation,
/or such internal control as management and$ where appropriate$ those
charged with governance determine is necessary to enable the preparation of
a financial report that is free from material misstatement. whether due to
fraud or error$ and
To provide the auditor with
)ccess to all information$ of which management and$ where appropriate$
those charged with governance are aware that is relevant to the
preparation of a financial report such as records$ documentation and other
matters,
)dditional information that the auditor may re&uest from management
and$ where appropriate$ those charged with governance$ for the purpose
of the audit, and
0nrestricted access to persons within the entity from whom the auditor
determines it necessary to obtain audit evidence.
'
The following standards provide some examples of the auditor's interactions
with those charged with governance"
)%) -1. Consideration of 2aws and *egulations in an )udit of a
/inancial *eport #%) -1.! re&uires the auditor to consider in detail
the laws and regulations in an audit of a financial report.
)%) -3. Communication with Those Charged with 4overnance
#%) -3.! specifically discusses the communication necessary to
occur between the auditor and those charged with governance of an
entity.
)%) -31 Communicating Deficiencies in #nternal Control to Those
Charged with 4o vet-n4overnance and 5anagement #%) -31!
re&uires the auditor to communicate deficiencies in internal control
to those charged with governance.
)%) 671 #dentifring and )ssessing the *is(s of 5aterial
5isstatement through 0nderstanding the Entity and #ts Environment
#%) 671! refers to the identification and assessment of ris(s of
material misstatements through understanding the environment of
the entity.
)%) 66. The )uditor's *esponses to )ssessed *is(s #%) 66.!
follows )%) 671 #%) 6!1! which deals with the auditor's responses
to assessed ris(s and approaches to the audit plan in a manner to
ensure such ris(s are considered in the nature and extent of
obtaining audit evidence.
The main !ole o& the e+te!nal au#ito! i to gi%e an
in#epen#ent opinion on the t!uth an# &ai!ne o& the
/nancial tatement o& the o!ganiation'
(
Co!po!ate Go%e!nance 0con&o!mance1
an# the Au#iting )unction
Corporate governance is the framewor( of rules$ relationships$ systems and
processes within and by which authority is exercised and controlled in
corporations.
#t encompasses the structure$ the systems and the relationships among parties
such as the board of directors$ management including (ey officers!$ auditors$
regulators$ shareholders and the public.
The principles of corporate governance were highlighted in the )%8 Corporate
4overnance Council's Corporate 4overnance 9rinciples and *ecornrnendations
To ensure the basis for an effective corporate governance framewor(
through the promotion of transparency and efficient mar(ets$ legal and
regulatory re&uirements$ division of responsibilities among
different government authorities to ensure the public interest is
served$ and the provision of supervisory and enforcement authorities
To ensure e&uitable treatment of shareholders by enhancing their rights and
authorities and clarifying the role of institutional investors in a fiduciary
capacity
To deal with conflicts of interest with the principles covering disclosures,
the role of providers of corporate information such as rating agencies, the
duties of the auditors and their accountability to shareholders, and the
protection of minority shareholders' rights.
:a(er and Owsen' 'argued that the role of auditing need not be constrained
within the narrow bounds of investor decision ma(ing$ but should be viewed in
relation to the wider needs of various sta(eholder groups and society generally.
)udited financial reports should render assurance that"
the financial statements are right
the company will not fail
there has been no fraud
the company has acted within the law
the company has been competently managed
the company has adopted a responsible attitude to environmental and societal
matters.
)
*usiness $overnance +per,or-ance. and
Auditing and Assurance /ervices
)lthough the role of monitoring performance is mainly the responsibility of the
board$ the application of tools$ techni&ues and practices directly involves the
accountant and some of the assurance services provided in assisting
management and the board.
)ccountants and auditors - the traditional gate(eepers of the financial reporting
regime play a significant role in strengthening both corporate and
business governance.
Their roles can be summarised as follows:
They provide assurance of the integrity and reliability of the internal
control and ris( management systems of clients.
They ensure an awareness of$ and use relevant measures to detect$
possible financial misstatements such as earnings management
practices!.
They ensure audit independence through safeguards and professional
development programs.
They enhance audit &uality control processes.
They actively practise the code of conduct
They monitor the development of and adherence to auditing standards
nationally and internationally.
0
The Au#it T!inity Concept
The audit trinity is the (ey to securing corporate accountability.
The external audit$
The internal audit
The audit committee
Audit function is to perform specific duties that complement and interlock with
the other members
Internal audit includes corporate governance and accountability matters
Audit committees oversee internal audit and external audit functions
1
ISS2ES IN GOVERNANCE
Inte!nal Cont!ol an# Ri*
Management
*is( management is referred to as the entire culture$ process
and system established to manage opportunities and minimise
or control adverse ris(s.
12
Enterprise ris( management is defined in the framewor( as"
a process3 e4ected by an entity5s board o, directors3
-anage-ent and other personnel3 applied in
strategy setting and across the enterprise3 designed
to identi,y potential events that -ay a4ect the entity3
and -anage ris6s to be 7ithin its ris6 appetite3 to
provide reasonable assurance regarding the
achieve-ent o, entity ob8ectives.
A typical ris6
-anage-ent syste-
involves planning9
understanding the
co-pany5s ris6 appetite
and pro:le9 identi,ying3
ran6ing3 -onitoring3
reducing and reporting
ris6s9 i-ple-enting
controls9 and ta6ing
preventive and ,ollo7;up
11
Ente!p!ie Ri*
Management
E*5 consists of eight interrelated components.
These processes are derived from the way management runs a business"
#n the internal environment$ management establishes a ris( management
philosophy the ris(-ta(ing approach! in order to form a ris( culture while
integrating ris( management with related initiatives.
*is( ob'ectives are set in four categories - strategic$ operations$ reporting
and compliance. %ome organisations include the ob'ective of safeguarding
resources. These ob'ectives allow management and the board to focus on
separate aspects of ris( management
Event identification is a process where both external and internal factors that
might affect event occurrence are considered. The identification
methodology may use a combination of techni&ues and tools$ loo(ing at both
the past and the future.
*is( assessment then allows an entity to consider how potential events might
affect the achievement of ob'ectives. Two perspectives are determined -
li(elihood and impact
*is( response options are identified by management$ which considers the
impact of the event in relation to ris( tolerances$ evaluates costs and benefits$
and designs and implements response options.
Control activities are the policies and procedures that ensure ris( responses
are properly executed throughout the organisation$ at all levels and in all
functions. Control activities are closely aligned with general and application
controls
9ertinent information and effective communication are re&uired to allow
E*5 responses to changing conditions in real time. #nformation can be
&uantitative$ &ualitative$ internal and external. Communication channels
should also ensure personnel can communicate ris(-based information across
business units$ processes or functional areas.
12
There is a direct relationship between ob'ectives$ components and units.
The ERM mat!i+ in p!o%i#e an o%e!%ie"'
)%) 671 states that the auditor should obtain sufficient understanding of the
internal control structure to plan the audit and develop an effective audit
approach.
The auditor should use professional judgement to assess audit ris( and to
design audit procedures to ensure ris( is reduced to an acceptably low level.
#n assessing the internal control structure$ auditors should gain an
understanding of whether the internal control structure can ensure that the
conduct of the business is orderly$ including the ability to prevent and detect
fraud$ error$ non-compliance$ and the misappropriation of assets.
The auditor should gain an understanding of the business and the company
environment to appreciate ris(s that might be embedded within the nature of the
business and the approach underta(en by the management in dealing with such
ris(s. These are inherent risks.
5oreover$ the auditor in planning the audit will spend time reviewing the
internal control of the company in other to assess the li(elihood of control
failures. These are control risks
13
INTERNA3 AN4 O5ERATIONA3
A24ITING IN THE GOVERNANCE
5ROCESS
The (ey audit roles performed by professional accountants that provide
assurances on the ade&uacy of conformance and the strategic values of business
performance.
Internal Auditing
An independent3 ob8ective assurance and consulting
activity designed to add value and i-prove an organi<ation5s
operations. t helps an organi<ation acco-plish its ob8ectives by
bringing a syste-atic3 disciplined approach to evaluate and
i-prove the e4ectiveness o, ris6 -anage-ent3 control3 and
governance processes.
The scope of internal auditing should encompass the examination and
evaluation of -
The ade&uacy and effectiveness of the organisation's governance and
internal contro structure,
Tthe &uality of performance in carrying out assigned responsibilities,
The procedures of ris( identification and management,
The mechanisms to ensure regulatory compliance.
Internal auditors should-
*eview the reliability and integrity of financial and operating information and the
means used to identify$ measure$ classic' and report such information
*eview the systems established to ensure compliance with those policies$ plans
procedures$ laws and regulations that could have a significant impact on operations
and reports$ and determine whether the organisation is in compliance
)ssess ris(s within the business operations and those from outside die business
which may affect the ongoing wellbeing of the organisation as a whole
*eview the means of minimising ris(s and help management with ris(
management processes
)ppraise the economy and efficiency with which resources are employed
*eview operations or programs to ascertain whether they are being carried out as
planned$ and whether results are consistent with established ob'ectives and goals.
14
O!ganiational an# &unctional #i$e!ence
bet"een inte!nal an# in#epen#ent au#ito!
Following the introduction of CLERP 9 in Australia and the Sarbanes-Oxley
Act in the nited States! it is now prohibited for external auditors to provide
internal audit services for audit CLents in order to "reser#e the a""earance of
inde"endence$
#mportant criteria in assessing the performance of internal auditing by the
external auditor are"
O!ganiational Statu'
#nternal auditors should report to the highest level of management and be free of
any other operating responsibility. internal auditors need to be free to
communicate with the external auditor.
Scope o& Inte!nal Au#iting'
The external auditor should consider not only the nature and extent of the
internal audit assignments$ but also the extent to which management acts on
internal audit recommendations.
Technical competence
#nternal audit functions should be performed by those with ade&uate technical
training and proficiency.
4ue p!o&eional ca!e'
#nternal audits should be properly planned$ supervised$ reviewed and
documented. External auditors should consider the ade&uacy of audit manuals$
wor( programs and internal audit wor(ing papers.
1'
perational Auditing
Operational auditing has been used in the past to evaluate a variety of activities
that include management's performance$ management's planning and &uality
control systems$ and specific operating activities and departments.
Operational auditing is sometimes (nown as value-for-money or performance
auditing.
%his ty"e of auditing relates to an entity&s non-financial o"erations$
#t is the systematic process of gathering evidence to ascertain whether a
process or operation is effectively and efficiently run.

The #e/nition o& ope!ational au#iting encompae
e$ecti%ene an# e6ciency
0nli(e a financial statement audit$ an operational audit does not end with a
report on the findings$ but extends to ma(ing recommendations.
Three approaches have been suggested"
The ris(-based audit approach identifies the areas of greatest ris( and uses
an ob'ective;ris(;controls formula and a matrix to document and analyse an
effective audit program. The ris(-based approach also distinguishes
between control ade&uacy what should be! and control effectiveness what
is!.
The value-for-money audit approach defines attributes of effectiveness and
focuses on effectiveness$ efficiency and economy of operations from
customers< viewpoints.
The process audit approach examines the effectiveness of processes and
distinguishes value-added from non-value-added activities$ building the
control framewor( into the processes. -=
Typically$ there are five phases to an operational audit and each phase must be
completed. These phases are 7! preliminary preparation$ -! field survey$ 6!
program development$ >! audit application and 1! reporting and follow up.
1(
A24IT COMMITTEES
#t is a special committee formed by the board of directors.
#deally it is a group of outside directors who have no active day-to-day
operational role and who liaise between the independent auditor and the board
of directors.
Audit committees comprise in the main representatives from:

o ?on-executive directors
o #nternal audit
o External audit
o Executive directors!.

#t provides a forum where members of the governing body$ management and
auditors can address issues relating to the management of ris( and financial
reporting obligations
)udit committee members of the listed companies must be independent.
Independent' means that"
The member may not accept any (ind of compensation from the issuer$ or its
affiliates$ other than in the capacity of a member of the board
The member may not be an affiliated person of the issuer or a subsidiary of
the issuer other than in the capacity of a board member.
An au#it committee "ill ha%e peci/c inte!et in
the entity7 /nancial !epo!ting, inte!nal cont!ol
t!uctu!e, !i* management ytem, an# the
inte!nal an# e+te!nal au#it &unction'
1)
They were formed so that a company can be more
responsive to the needs of those interested in financial
reporting.
Their formation is itself a recognition of the responsibilities
of both the corporation and its auditor to the public
investor.
They have been formed to !ein&o!ce au#ito! in#epen#ence$
particularly the appearance of independence$ from the management of a
company whose financial report is being audited by the auditor.
@ith respect to audit committees$ specific re&uirements apply to companies on
the %A9;)%8 )ll Ordinaries #ndex - they are sub'ect to )%8 2isting *ule 7-.=$
whereby an entity included on that index at the beginning of its financial year
must have an audit committee during that year.
The following recommendations are pertinent"
The au#it committee houl# be t!uctu!e# o that it
consists only of non-executive directors$
consists of a ma'ority of independent directors
is chaired by an independent chair$ who is not the chair of the board$
has at least three members.
The audit committee should have a formal charter.
The audit committee should report to the board on the following matters:
Assessment of whether external reporting is consistent with information and
knowledge available to them and whether it is adequate for shareholders
Assessment of the reporting processes
Procedures for the selection and appointment of the external auditor and the
rotation of the audit partner
Recommendations for the appointment or removal of an auditor
Assessment of the performance and independence of the external auditor, with
special consideration if there is the provision of non-audit services
Assessment of the performance and obectivity of the internal audit function
!he results of its review of risk management and internal compliance and control
10
o f an Effective Audit Committee

)n audit committee of non-executive directors could act as an intermediary
between management and the external auditor.
The auditor$ therefore$ need be less concerned about being replaced in the event
of a disagreement with management.
The main ob'ectives of an effective audit committee include the following
)ssisting the directors in discharging their responsibilities with due care$
diligence and s(ill, in particular$ the audit committee is concerned with"
financial statements and financial information
the appropriateness of accounting policies used
ade&uacy of financial management policies and procedures
ade&uacy and monitoring of internal control structures
proper ris( management plans and processes
business practices
protection of assets$ including intellectual property
compliance with relevant laws$ regulations$ standards and best practice
guidelines
Othe! bene/t inclu#e(

#mproving the credibility and ob'ectivity of the accountability process
including financial reporting!,

)ssisting the board of directors to discharge its responsibility to
exercise due care$ diligence and s(ill,

#mproving the effectiveness of the internal and external audit functions
and the communication between the board of directors and the external
and internal auditors,

The audit co--ittee usually has oversight
responsibilities o, the :nancial reporting and auditing
process.
11
/acilitating the maintenance of the independence of the external
auditor, strengthening the role and influence of non-executive
directors.

Relationhip o& the Au#it Committee "ith the
Inte!nal an# E+te!nal Au#ito!
!erformance Auditing
A pe!&o!mance au#it i an in#epen#ent,
ob-ecti%e an# ytematic aement o& public
ecto! entitie. p!og!am, !eou!ce,
in&o!mation ytem, pe!&o!mance meau!e,
monito!ing ytem an# legal an# policy
compliance'
9erformance audits play an important role in improving the administration and
management practices of public sector entities. 9erformance audits involve the
evaluation of the implementation of specific government programs$ policies$
pro'ects and activities.
22
9erformance auditing captures the economic and compliance aspects of
an activity.