The U.S. Department of Justice announced this month indictments against executives at Volkswagen, air-bag manufacturer Takata, and three global banks involved in foreign currency trading. This bold action, which reinforced earlier warnings from U.S. regulators that executives and board members will be held personally accountable for wrongdoing, likely sent shudders across corporate C-suites around the world.
Just last week, Samsung’s top executive was kept in a holding cell while a court deliberated whether to issue a warrant for his arrest. Ultimately no arrest warrant was issued for Lee Jae-yong, but he remains the subject of a special prosecutor’s investigation relating to a scandal that led to the impeachment of South Korean President Park Geun-hye. This highly public melodrama comes on the heels of the company’s disastrous rollout of its Galaxy Note 7 model.
It has become exceedingly clear in recent years that compliance failures are no longer merely a risk for fines and penalties to companies. Instead, government officials are increasingly likely to haul offending executives in front of judicial authorities. Instead of the old expression “comply or explain,” for contemporary offenders, it is “comply or explain (to the judge).”
Internal auditors are unlikely to be able to save offending executives in their organizations from the consequences of their own misdeeds. However, they do have an obligation to champion good governance and provide assurance on the effectiveness of compliance controls. Since the turn of the century, corporate compliance failures already have cost the companies involved billions of dollars in lost revenue and fines. The related reputational damage and loss of goodwill has been just as severe. Yet, astoundingly, these kinds of scandals continue to occur on a regular basis. This signals to me that the pressures of today’s dynamic and challenging business environment are not just exposing but exploiting weaknesses in governance.
This is the why I included advocating for good governance in my recent blog post, ”5 Resolutions for Internal Auditors in 2017 to Prepare for the Future.”
Ultimately, good governance practices are what make or break companies, and having an independent and objective evaluation of the effectiveness and efficiency of those practices is critical to success.
I believe every organizational failure includes a breakdown in governance somewhere along the line. Too many of the recent high-profile scandals had clear governance breakdowns that if recognized and addressed could have avoided the problem.
It is a fundamental function of internal audit to evaluate and improve the effectiveness of risk management, control, and governance processes for the organization – especially where statutory and regulatory compliance are concerned. This specific wording comes from the definition of internal auditing contained in the International Professional Practices Framework (IPPF). What’s unwritten — yet should be understood — is that internal auditors must also be advocates for the critical business processes that foster effective compliance.
Here are several ways internal auditors can help strengthen governance and mitigate compliance risks:
I’m certain there are other ways to keep effective compliance risk management and good governance top of mind within the internal audit function and the minds of our stakeholders. As technology and the globalization of trade continue to accelerate, we must not only learn to audit at the speed of risk, we must ensure the building blocks for mitigating risk — compliance controls and governance processes — are protected.
As always, I look forward to your comments.