Governance standards to be boosted by new ASX requirement

by |
A new ASX requirement for listed entities to disclose whether they have an internal audit function will deliver a boost to the governance standards of close to 2000 Australian companies who have yet to embrace the assurance that internal audit provides, according to a risk assurance expert.
The 3rd Edition of the ASX Corporate Governance Principles and Recommendations has introduced Recommendation 7.3, which states that a listed entity should disclose if it has an internal audit function, how the function is structured and what role it performs. If it does not have one, the entity needs to disclose that fact and the processes it employs for evaluating and continually improving the effectiveness of its risk management and internal control processes. 
Mark Harrison, managing director of global risk consulting firm Protiviti, stated the recommendation has bought Australia up to the speed with the rest of the world.
“The New York, UK, Hong Kong, Singapore and Malaysian stock exchanges have for many years either obliged listed companies to have an internal audit function or required a relevant disclosure in their annual report. Market regulators insist on this for the simple reason that internal audit enhances shareholder protections and is a fair quid pro quo for the privilege of raising capital from the public,” he explained.
Harrison said while most well-resourced companies at the “big end of town” already have an internal audit function, among the remaining “1800 or so companies below the ASX 300” internal audit is not as common.
“Implementing the new requirement will be more challenging for small and medium companies who do not currently have an internal audit function,” Harrison said. “Some may decide not to go ahead as they are not obliged to under the new ASX Corporate Governance Recommendations. However, the smarter operators will see this as an opportunity for positive differentiation in a crowded market”. 
According to Harrison many investors now viewed the existence of an internal audit function as an indicator of the health and stability of the company. 
“It’s a shortcut sign that the company’s a safer bet.  Accordingly, companies that disclose a solid internal audit function will inspire greater confidence and enhance their attractiveness to investors,” he explained.
And while establishing a dedicated internal audit functions may not be cost effective for smaller organisations, Harrison said there are other options available such as adopting a shared service model where two or three companies split the cost of an internal auditor, or outsourcing to an internal audit consulting firm. 
Protiviti’s top three tips to establish a quality, cost-effective internal audit function:
  • Share the cost of an internal audit resource with other companies rather than employ a dedicated full-time auditor;
  • Engage a reputable third-party service provider; and
  • Insist your internal auditor applies the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing to guarantee the quality and reliability of their work.
  • Nick Chipman on 8/04/2014 10:53:30 AM

    The requirement does not stipulate that an internal audit function is essential.There are alternatives to encourage that a fit for purpose approach to risk is in place.More balance in the commentary about other business routines that support risk taking and managament is required.

Corporate Risk & Insurance forum is the place for positive industry interaction and welcomes your professional and informed opinion.

Name (required)
Comment (required)
By submitting, I agree to the Terms & Conditions