Closing Address at 1999 National Conference On Internal Auditing "Building The Future of Internal Auditing"
15 June 1999 |   By : Encik Ali Tan Sri Abdul Kadir, Chairman of Securities Commission



15 JUNE 1999,

Assalamualaikum wbt. And a very good afternoon.

Yang Berusaha Pengerusi Majlis Presidents and Board Members of the Institute of Internal Auditors Malaysia, Malaysian Association of Certified Public Accountants and Malaysia Chapter of the Information Systems Audit and Control Association

Ladies and Gentlemen,

When I attended the Annual Meeting at IOSCO in Lisbon recently, I got into a discussion with a fellow delegate on Corporate Governance and I told him about redefining the roles that the auditors, external and internal, need to play and he said that there were so many complex issues in auditing that I as a non-auditor, would not understand! I assure the participants in today's conference that I do indeed know a "bit" about auditing!

I am keen to see internal auditors playing a more proactive role in corporate governance and I would therefore like to congratulate the joint-organizers for their commitment in ensuring a successful, timely and highly relevant conference. In bringing you this significant two-day conference, Building the Future of Internal Auditing, the IIA, the MACPA and the ISACA have demonstrated how professional bodies can play a leadership role in nation building through the pursuit of professional excellence. I am equally pleased to note the very encouraging response shown by professionals by their keen participation in this National Conference. Ladies and gentlemen, your presence attests to your seriousness in wanting to be true professionals which is a good option because in my eyes that is the only option! There is no room for any unprofessional conduct in the auditing profession!

This year's Conference on Internal Auditing is indeed a useful learning vantage for all especially with the advent of the new millennium which places increased demands on every profession, and internal audit being no exception. You have had the benefit of hearing the expert views and gaining from the professional insights from distinguished speakers over the two days. I am confident therefore, that you would have been impressed by the salient fact that in the new millennium, the auditor who is in sync with the inevitable changes and challenges will better weather the storms of tomorrow. The wide-ranging issues discussed at the Conference were thought provoking. Interesting tough leadership subject matters like Cyber Auditing, IT Challenges, Risk Management and Value Added Auditing and Corporate Governance were among the topics that were discussed in this conference.

Ladies and gentlemen, I do not intend to delve into areas that you have deliberated throughout this Conference; but allow me to share my thoughts with you on auditing in general and internal audit in particular.

While there are promising signs of the country coming out of the economic and financial crisis, we must not forget the lessons learnt from it. The crisis was in some ways a wake-up call for many in the business and professional arena to be cognisant of the manifestations of globalization. In the new environment, increasing focus is placed on the need for greater transparency and stronger corporate governance. Hence the immediate challenge is for internal auditors to keep pace with these new demands and requirements.

In facing this challenge, internal auditors must observe several fundamentals. Duty, integrity, independence and of course a healthy dose of skepticism... that is what makes "an auditor and a gentleman" (or a lady!).

Firstly, of paramount importance is the need for internal auditors to preserve their independence and objectivity at all times. Indeed, the hallmark of an internal audit function rests on its ability to provide independent assurance to senior management and the audit committee. Consequently, the internal auditing objectives, work, scope and reporting are all designed to satisfy this need. Objectivity and integrity are perhaps the most critical qualities expected of an auditor and an organization relies heavily on these qualities for an objective assessment of systems and controls.

Secondly, internal auditors must add value across the board to the organization they serve. Internal auditors who concentrate on compliance issues alone will not survive in the new environment. Adding value is felt at two levels: first, in providing assurance to the directors, senior management as well as intermediate levels of management on the existing control of business risks. Second, in enhancing business risk management by highlighting the opportunity to improve the control environment in the business.

Thirdly, internal auditors need to be proactive in order to maximize the value of their services. As organizations position themselves to develop new markets, products, services and processes, internal auditors should be involved at the onset to help identify control and auditability specification for new products and processes. Involvement at the time of development makes the internal auditor's contribution more of a preventive control rather than a post-fact review, which could be seen as detective control. Preventive controls are always more effective and meaningful than detective and corrective controls.

Fourthly, in the area of identification, measurement and reporting of business risk, internal auditors should develop the necessary expertise and possess strategic insight on risk management. Although the identification of risks that have actually materialized is important, I would venture to add that the identification of potential risks and ways to mitigate or avoid the pitfalls, is invaluable. Organizations must depend on internal auditors not only to point out the risks, but also to recommend how such risks can be better managed or controlled. This must be done pro-actively, before the risk materializes into an actual event. Such skills would undoubtedly contribute to greater and better corporate governance.

Fifthly, internal auditors need to understand organizational needs in order to serve the organizations better. Each organization has its own specific requirements for internal auditing services, derived from its industry sector, history, corporate culture and the other attributes that characterize its functions. The internal auditor has to do his homework to fully understand what customers really want and need from internal auditing. The work of internal auditing can then be tailored towards meeting these customers' needs and expectations and in so doing, optimize contribution to the organization. Services can be explained and delivered in a way that allows the valued benefits to permeate throughout the organization.

In order to gain acceptance of their service, internal auditors should not merely identify problems without offering solutions. If a different audit approach is required to gain customer acceptance, a certain amount of flexibility may be in order. In a nutshell, internal auditors also need to adequately market their skills and competencies. However, their objective and independence must not be compromised.

Finally, it is imperative that internal auditors continuously enhance and upgrade their technical skills and competencies so that their services are not rendered obsolete. Quality service should be provided to customers in line with the changing environment. Internal auditors will therefor have to be forward looking and fully embrace skills and technical training relating to the use of information technology.

Ladies and Gentlemen, I had earlier touched on the need to enhance greater transparency and establish good corporate governance. Indeed in the current context of regional economic turmoil, corporate governance has become a "buzzword" that is increasingly gaining acceptance in corporate restructuring and reform exercises. It is now widely accepted that high standards of corporate governance is critical in boosting investor confidence.

In the Malaysian context, initiatives to address and strengthen corporate governance had been well under way even prior to 1997. For instance, the strengthening of corporate governance standards in Malaysian public listed companies was an important element in the Securities Commission's phased programme to move to a disclosure based system for regulating the primary markets which began in 1996. Similarly, the Registrar of Companies had developed its Code of Ethics for Directors in 1996 as part of an initiative to enhance the quality and raise the standard of the board of directors. However, the issue of corporate governance came to a crux only in 1997 with the onset of the economic crisis. The severity of the crisis was unprecedented in Malaysia and precipitated the establishment of a high level "Finance Committee on Corporate Governance". As we are all aware, the Committee successfully completed what is arguably the most comprehensive corporate governance review and reform exercise ever conducted in Malaysia, and indeed in this region.

Given the concerted initiatives to raise the levels of corporate governance, I would like to share some thoughts on my perceptions of corporate governance. First and foremost, good corporate governance is an invaluable tool in guiding and overseeing the management that runs the business. It provides, inter alia, a framework to ensure that directors are providing overall direction, that accountability and control is exercised on executive functions and that regulatory requirements are complied with. Corporate governance could broadly be identified into four areas of activities; namely,

  • Formulating strategic directions for the future of the enterprise in the long run.
  • Executing the actions through the involvement of key executive decisions.
  • Supervising and monitoring the management process.
  • Providing accountability to those who are legitimately responsible and who demand for such accountability.

From a regulator's perspective, effective surveillance and enforcement of law is crucial but it does not end there. Whilst good corporate governance can be imposed through listing requirements and statutory amendments, all the parties must work together to fulfill their respective obligations as enforcement alone cannot guarantee good corporate governance.

In addition, in complex large organizations, management sometimes lack the time, methodology and objectivity needed to effectively and fully monitor the operations of the organization, including the system of internal and business control. In such instances, the furnishing of objective and timely appraisals of the quality of the organization's internal control and systems, would contribute significantly to strengthening management's control of the operation, thus contributing to sound corporate governance.

Another point that is often overlooked is that internal auditors, in supporting the duties of the Audit Committee, also play an important role. Their contribution as business advisor or consultant to the enterprise and their role in ensuring compliance with various statutes, policies and procedures cannot be over-emphasized. It is within this context that I call upon the Institute of Internal Auditors Malaysia, the Malaysian Association of Certified Public Accountants and the Information Systems Audit and Control Association, Malaysia Chapter to focus the attention of their members to this crucial role. Internal auditors of the future will be the catalysts of change management and will increasingly be relied upon by the Board of Directors to assist in the formulation of strategic plans for their organizations.

In 1994, the KLSE made it mandatory for all listed companies to have an Audit Committee. There have been suggestions that without the support of an internal audit function, the Audit Committee may not be able to effectively discharge its oversight function. The Commission is of the view that internal audit plays an integral part in corporate governance and that the establishment of an internal audit function will certainly enhance shareholder and stakeholders value. With this in mind the Commission has therefore initiated recommendation to the High Level Finance Committee to further refine the Code by the introduction of a best practice, that all public listed companies set up an internal audit function. It is also proposed that where there is no internal audit function, the Audit Committee should assess whether there are other means of obtaining assurance of regular review and appraisal and disclose such means. In other words, the Audit Committee would have to disclose how it could function effectively without the support of the internal audit function.

To assist the auditors in discharging their duties, the proposal will embody the critical areas that should fall within the scope and ambit of internal audit. This should include the review and the appraisal of: -

  • The reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information.
  • The systems established to ensure compliance with policies, plans, procedures, laws and regulation.
  • Means of safeguarding assets from various types of losses.
  • The economy and the efficiency with which the company's resources are employed.
  • Operations or programs to ascertain whether results are consistent with established objectives and goals and whether operations are carried out as planned.

Indeed, given the significant role of internal auditors in the new millennium, I urge auditors to equip themselves to meet these challenges head-on. One of the more immediate concerns that the profession would face if all public listed companies were to establish credible internal audit function within their organizations relate to shortage of skilled personnel. This is where, I believe, the IIA, MACPA and ISACA can play a critical role in the training and development of human resources as well as in raising the level and professional standards of the internal auditing profession in Malaysia. In this regard, I am pleased to note that the IIA Malaysia has entered into a strategic alliance with MARA Institute of Technology and Malaysian Institute of Management (MIM) to offer degree and diploma courses in internal auditing.

Ladies and Gentlemen, I trust that you have had a fruitful discussion over the two days and I take this opportunity in wishing all of you the very best in your future endeavors. I therefore declare the 1999 National Conference on Internal Auditing closed.

Issued on behalf of the Securities Commission. Members of the Press may contact the Corporate Affairs Department at (03) 654 8513 (Ann Teoh) or Azmi Harris Ibrahim (03) 654 8184 of fax (03) 651 5078.

about the SC
The Securities Commission Malaysia (SC) was established on 1 March 1993 under the Securities Commission Act 1993 (SCA). We are a self-funded statutory body entrusted with the responsibility to regulate and develop the Malaysian capital market.

General Line: +603-6204 8000
General Email: [email protected]
© Copyright Securities Commission Malaysia.  Contact Us   |    Disclaimer   |   The site is best viewed using Microsoft Edge and Google Chrome with minimum resolution of 1280x1024
Generic Popup