The management did assign the audits to the controller who delegated the Internal Auditors. However, with the controller came into the play, other issues have occurred. With his multiple roles in the firm and board, He has become too powerful. His roles as a controller, Chief Executive Auditor although not stated clearly in the case, and chairman of several committees have impaired his objectivity and independence. The International Audit Standard Rule No. 1130. A1 and A2 stated that internal auditor’s independent and objectivity are impaired if the auditors assesses on his/her own work and the same as goes for the Chief Executive Auditor. The controller’s role has definitely violated this standard as he was in charged with both the accounting and auditing process.
Additionally, regarding the issues with the controller, as a person who plan and supervise the internal audit department, according to Code of Ethics Rule 4.1 should have necessary knowledge, skills, and experience; however, the controller, in this case, is lack of such requirement. With his inadequate background, he might have misdirected the Internal Auditors in performing the audit. One of the misconduct that might have been caused by either biased or lack of auditing knowledge of the controller was to direct the Internal Auditors to only review the input/output of the computer systems’ control. Under International Standard Rule 1210. C1, The head of the Internal Auditor should have allowed the Internal Auditors to work together or consult with the expert to review the control of the computer’s internal operations since they might have lack of knowledge in the computer operations.
The issues of impairment of Independent, Objectivity, and Competency with the Audit Committee and Controller would not have occurred or at least minimized if the IIA have exercised good corporate governance from the day IIA was founded. However, the good thing was that the management has begun to take action to fix those problems especially the one about the Controller following his resignation.
Many corrective actions have been taken to put the IIA back in order. An independent and qualified Chief Audit Executive has been assigned to head the Internal Audit Department; and the audit staffs are trained with the EDP auditing. The Internal Auditors are to report directly to the Chief Audit Executive who in turn communicate directly to the Audit Committee. Under this structure, the independent and objectivity of the audits will be more reliable.
In addition, with the interrelationships of the internal auditor as mentioned above as well as external auditors with the Audit Committee enables the cooperation between the two entities. The report of the Internal Auditors may become helpful for the External Auditors in determining the accuracy of the financial statements while on the other hand, the external auditor may assist the internal audit on the possibility of risk that may have been overlooked by the internal auditor. However, sometimes conflicts may have occurred between them as a result of different objectives: Internal Auditors are more operational focused and External Auditors are more financial statement focused. This problem can be solved with effective communication between the two; therefore, the Internal Auditors of the IIA should have good communication skills in addition to the auditing experience/background.
Moreover, the out of hand decentralization has also been taken care by the implementation of matrix organization. This system enables the transparency of information between branches as well as within the organization. As a result, the internal auditors are able to perform more reliable audits and report for the Audit Committee.
In conclusion, although in the beginning, there was inadequate corporate governance in place. After reviewing the actions that have been taken by the management, the IIA corporate governance seems to be back track. However, regular enforcement and training on the employee by the management and regular monitoring and audit by the internal audit department are required to maintain the good corporate governance.