Assalamualaikum wbt. And a very good afternoon.

Yang Berusaha Pengerusi Majlis Presidents and Board Members of the Institute of Internal Auditors Malaysia, Malaysian Association of Certified Public Accountants and Malaysia Chapter of the Information Systems Audit and Control Association

Ladies and Gentlemen,

When I attended the Annual Meeting at IOSCO in Lisbon recently, I got into a discussion with a fellow delegate on Corporate Governance and I told him about redefining the roles that the auditors, external and internal, need to play and he said that there were so many complex issues in auditing that I as a non-auditor, would not understand! I assure the participants in today's conference that I do indeed know a "bit" about auditing!

I am keen to see internal auditors playing a more proactive role in corporate governance and I would therefore like to congratulate the joint-organizers for their commitment in ensuring a successful, timely and highly relevant conference. In bringing you this significant two-day conference, Building the Future of Internal Auditing, the IIA, the MACPA and the ISACA have demonstrated how professional bodies can play a leadership role in nation building through the pursuit of professional excellence. I am equally pleased to note the very encouraging response shown by professionals by their keen participation in this National Conference. Ladies and gentlemen, your presence attests to your seriousness in wanting to be true professionals which is a good option because in my eyes that is the only option! There is no room for any unprofessional conduct in the auditing profession!

This year's Conference on Internal Auditing is indeed a useful learning vantage for all especially with the advent of the new millennium which places increased demands on every profession, and internal audit being no exception. You have had the benefit of hearing the expert views and gaining from the professional insights from distinguished speakers over the two days. I am confident therefore, that you would have been impressed by the salient fact that in the new millennium, the auditor who is in sync with the inevitable changes and challenges will better weather the storms of tomorrow. The wide-ranging issues discussed at the Conference were thought provoking. Interesting tough leadership subject matters like Cyber Auditing, IT Challenges, Risk Management and Value Added Auditing and Corporate Governance were among the topics that were discussed in this conference.

Ladies and gentlemen, I do not intend to delve into areas that you have deliberated throughout this Conference; but allow me to share my thoughts with you on auditing in general and internal audit in particular.

While there are promising signs of the country coming out of the economic and financial crisis, we must not forget the lessons learnt from it. The crisis was in some ways a wake-up call for many in the business and professional arena to be cognisant of the manifestations of globalization. In the new environment, increasing focus is placed on the need for greater transparency and stronger corporate governance. Hence the immediate challenge is for internal auditors to keep pace with these new demands and requirements.

In facing this challenge, internal auditors must observe several fundamentals. Duty, integrity, independence and of course a healthy dose of skepticism... that is what makes "an auditor and a gentleman" (or a lady!).

Firstly, of paramount importance is the need for internal auditors to preserve their independence and objectivity at all times. Indeed, the hallmark of an internal audit function rests on its ability to provide independent assurance to senior management and the audit committee. Consequently, the internal auditing objectives, work, scope and reporting are all designed to satisfy this need. Objectivity and integrity are perhaps the most critical qualities expected of an auditor and an organization relies heavily on these qualities for an objective assessment of systems and controls.

Secondly, internal auditors must add value across the board to the organization they serve. Internal auditors who concentrate on compliance issues alone will not survive in the new environment. Adding value is felt at two levels: first, in providing assurance to the directors, senior management as well as intermediate levels of management on the existing control of business risks. Second, in enhancing business risk management by highlighting the opportunity to improve the control environment in the business.

Thirdly, internal auditors need to be proactive in order to maximize the value of their services. As organizations position themselves to develop new markets, products, services and processes, internal auditors should be involved at the onset to help identify control and auditability specification for new products and processes. Involvement at the time of development makes the internal auditor's contribution more of a preventive control rather than a post-fact review, which could be seen as detective control. Preventive controls are always more effective and meaningful than detective and corrective controls.

Fourthly, in the area of identification, measurement and reporting of business risk, internal auditors should develop the necessary expertise and possess strategic insight on risk management. Although the identification of risks that have actually materialized is important, I would venture to add that the identification of potential risks and ways to mitigate or avoid the pitfalls, is invaluable. Organizations must depend on internal auditors not only to point out the risks, but also to recommend how such risks can be better managed or controlled. This must be done pro-actively, before the risk materializes into an actual event. Such skills would undoubtedly contribute to greater and better corporate governance.

Fifthly, internal auditors need to understand organizational needs in order to serve the organizations better. Each organization has its own specific requirements for internal auditing services, derived from its industry sector, history, corporate culture and the other attributes that characterize its functions. The internal auditor has to do his homework to fully understand what customers really want and need from internal auditing. The work of internal auditing can then be tailored towards meeting these customers' needs and expectations and in so doing, optimize contribution to the organization. Services can be explained and delivered in a way that allows the valued benefits to permeate throughout the organization.

In order to gain acceptance of their service, internal auditors should not merely identify problems without offering solutions. If a different audit approach is required to gain customer acceptance, a certain amount of flexibility may be in order. In a nutshell, internal auditors also need to adequately market their skills and competencies. However, their objective and independence must not be compromised.

Finally, it is imperative that internal auditors continuously enhance and upgrade their technical skills and competencies so that their services are not rendered obsolete. Quality service should be provided to customers in line with the changing environment. Internal auditors will therefor have to be forward looking and fully embrace skills and technical training relating to the use of information technology.

Ladies and Gentlemen, I had earlier touched on the need to enhance greater transparency and establish good corporate governance. Indeed in the current context of regional economic turmoil, corporate governance has become a "buzzword" that is increasingly gaining acceptance in corporate restructuring and reform exercises. It is now widely accepted that high standards of corporate governance is critical in boosting investor confidence.

In the Malaysian context, initiatives to address and strengthen corporate governance had been well under way even prior to 1997. For instance, the strengthening of corporate governance standards in Malaysian public listed companies was an important element in the Securities Commission's phased programme to move to a disclosure based system for regulating the primary markets which began in 1996. Similarly, the Registrar of Companies had developed its Code of Ethics for Directors in 1996 as part of an initiative to enhance the quality and raise the standard of the board of directors. However, the issue of corporate governance came to a crux only in 1997 with the onset of the economic crisis. The severity of the crisis was unprecedented in Malaysia and precipitated the establishment of a high level "Finance Committee on Corporate Governance". As we are all aware, the Committee successfully completed what is arguably the most comprehensive corporate governance review and reform exercise ever conducted in Malaysia, and indeed in this region.

Given the concerted initiatives to raise the levels of corporate governance, I would like to share some thoughts on my perceptions of corporate governance. First and foremost, good corporate governance is an invaluable tool in guiding and overseeing the management that runs the business. It provides, inter alia, a framework to ensure that directors are providing overall direction, that accountability and control is exercised on executive functions and that regulatory requirements are complied with. Corporate governance could broadly be identified into four areas of activities; namely,

• Formulating strategic directions for the future of the enterprise in the long run.
• Executing the actions through the involvement of key executive decisions.
• Supervising and monitoring the management process.
• Providing accountability to those who are legitimately responsible and who demand for such accountability.