Introduction
It is said that an effective internal audit function plays a key role in assisting the management especially board to discharge its governance responsibilities. However, the governance and audit function itself are not absolute. If we look the meaning of internal audit and its relation to corporate governance within the organization, we will find numerous views in this regard. Systematic examination of the records, systems and procedures, and operations of an organization as a service to management is the traditional concept whereas as it said, independent appraisal function established within organization to examine and evaluate its activities as a service to the organization is modern concept of internal audit. The relative meaning of internal audit as said above becomes true because the internal control as a main objective of the internal audit is an integral part of the process designed and affected by the management of an organization to achieve its specified objects ethically, economically and efficiently. An audit objective is to assess whether the internal control system provides a reasonable assurance that the organization would achieve its objectives through the various types of controlling mechanism.
Corporate governance is a combination of processes and organizational structures implemented by the Board to inform, direct, manage, and monitor the organization’s resources, strategies and policies towards the achievement of the organization’s objectives. It is said that there are almost four pillars of corporate governance and internal audit is one of the important pillar thereon. Therefore, in the organization internal audit plays pivotal role in strengthening corporate governance focuses on the profession’s opportunities to become a strategic player in corporate governance in response to increased government regulation and management directives to strengthen controls and improve risk management. Without properly functioning of internal audit or internal control mechanism, if the management argues for the corporate governance it will be nothing just the nightmarish wish to deceive the stakeholders of the organization.
Internal Audit within EPF
Employees Provident Fund (EPF) as leading social security organization not only mobilizes the fund received as contribution from service holders, which crossed 100,000 million but also, assures service holders, which crossed 0.4 million for their secure post service period. As being such a huge organization and caretaker of the contributed public money, EPF should have adequate internal control system and internal audit function to mitigate the risk associated thereon. A primary focus area of internal auditing as it relates to corporate governance is helping the Audit Committee of the Board of Directors (or equivalent) perform its responsibilities effectively. This may include reporting critical internal control problems, informing the committee privately on the capabilities of key managers, suggesting questions or topics for the Audit Committee’s meeting agendas. Whether these functions are in practice or not within the EPF and are the existing practices of EPF regarding internal audit sufficient to retain the objective of corporate governance through internal control are the issues to be assessed from the both prospective of public and EPF management.
In the Technical report of ISSA, C. Daykin has focused on financial governance of social security organization to manage the risk. According to him, risk management of a social security institution includes having in place adequate arrangements for audit and an Audit Committee or similar dedicated structure to monitor and manage both internal and external audit activities. Therefore, risk management is a vital component of the governance of EPF and explores some of the features of a risk management structure and some of the risks to which it is subject. Social Security organization like EPF may be subject to some very long-term risks in respect of their liabilities, such as real earnings growth, structural changes in the economy, unemployment, disability, the future growth in the costs of health care and general improvements in longevity for the mass.
The areas of risk for an EPF in present context are operational risk, liquidity risk, liability risk, economic risk, investment risk, catastrophe risk and political risk. To accomplish reasonable comfort against such risk EPF should have strong mechanism so that it can be ready for any adverse situation. The control system designed for proper corporate governance and the importance given to it by top management holds more significance rather then the audit function itself happens within the organization. It is because internal audit is also the part of management to aware management about governance within organization.
EPF has set some strategic mission to establish it as a leading social security organization of the nation. To accomplish the mission set, it has focused on following areas;
- Practice of best corporate governance in the industry and automation in its operation
- Effective and optimum mobilization of available resources
- To establish it as a social security organization of international standard having highly competent management and
- To provide additional new social security coverage to the contributors
Without the adequate techniques, procedures and competent key staffs, it is almost impossible to succeed in its mission. Proper planning for financial as well as operational risk is needed and it can only be realized through good governance within the organization. Though recently audit committee has been formed to monitor to strengthen the governance, still the attention paid towards internal audit function within the EPF remains inadequate as the volume of the transaction and customer has been growing year by year. It is somewhat satisfactorily in comparison to the other similar government owned public enterprises of the nation that EPF has been trying for good practices. Recently, audit manuals has been prepared to facilitate the activities of the internal audit but without the proper practices within other departments, it’s like only the forced task without attention which neither gives output as expected nor supports the governance. Therefore, first, the people along with top management should be aware with the importance and the value added by the internal audit and then only the roles played by the internal audit within the organization synchronize with the objective as whole.
Management Information System (MIS) is critical for the success of organization. The role of MIS is to recognize information as a resource and then using that resource for effective and better achievement of organizational objectives. Before MIS, there is a preliminary stage in where transactions are generated and processed. If the processed transactions are accurate and consists all the quality of information it will create MIS while flowing through system. Each unit where transactions are generated should aware about it so that the transactions processed or the information generated can be tested and verified on timely basis. Then only it can be corrected without any losses. The business nature of EPF and its transaction have both financial and social aspects. It is not like a commercial bank, which would measure the performance in terms of profit earned rather than its social benefits. In the absence of true flow of information form, the point of its generation to the point where decisions are taken based on it, both controlling and governance would not be happens in true sense.
In EPF, decentralized computer system within the organization through which financial transaction are routed, inadequate internal control system both in terms of documentation and recording of transactions in some areas, lack of well-equipped environment, proper tool and techniques and engagement of competent staffs for an internal audit function has been directly affecting the performance for number of years. In addition to that up scaling of staffs and putting importance for the issues taken during audit would also be required to strengthen the internal control mechanism.
Good Governance through Internal Audit
It is not a unique that most corporate governance responsibilities rest with the organization’s senior management. Internal controls, ethics, policies and education, risk management, and compliance with laws and regulations must be on every senior manager’s radar screen if they are to permeate the organization. In short, corporate governance is every manager’s–especially every senior manager’s—responsibility and internal audit routinely help this management with its leg of the governance. Internal audit plays a vital role within governance processes by keeping the board, senior management, and external auditors aware of risk and control issues and by assessing the effectiveness of risk management.
Like other social security organization, EPF should focus to increase the corporate values
through the improvement of financial performance and operational performance based on good business practices.Good governance gives pressure to the EPF to add value for all stakeholders which resulting in more attention being given to efficiency, effectiveness and quality of services. EPF has to go far ahead then where it is in upcoming years. The journey is not so easy because new threats and risk are coming as well as the volume of the transactions are increasing years by years. Building strong internal control mechanism to assure good governance within organization is another challenge to EPF for its financial sustainability. It can be achieved by identifying the risk and implementing various possible measures to minimize such risks. Internal audit not only identifies the risk but also monitors the implemented measures for its suitability and output desired. Therefore, as being the largest and mounting social security organization EPF should equally be focused towards both quality services and strong operational competencies and it can only be by giving role to resourceful internal audit function in good corporate governance of organization.
