It Auditing

1. A. Corporate Governance is a set of relationship between the stakeholders, managers, company’s board, shareholders and even the employees. It should indicate the company’s object and give the board structure to achieve the goal. In order to achieve the goal, corporate governance should provide proper incentive which include bonus, stock or prizes.

I believe the top three components need to build an effective corporate governance structure are shareholder rights and responsibilities, managers’ good execution and effective internal auditor. First of all, we need rules, a structure or the tone of shareholder. Shareholder can give a object that company should achieve in the future and indicate the rules which managers should followed during the process. In addition, according to shareholder’s tone managers can understand what they should do or shouldn’t do during the process. These are liability of shareholders. Secondly, we need good execution to process structure. Good execution is a link between shareholders’ structure and employees’ action. If there is an interruption between shareholders and employees the structure can’t be conversion to action. The last factor should be consider is an effective internal auditor. An effective internal auditor can make sure everyone does right things and does things right. If there are some deviation or mistakes, the auditor can help managers or employees to modify it. In addition, an effective could also give some feedback or add some value to the company. Therefore, shareholder’s responsibilities, managers’ good execution and effective internal auditor are top three components need to build an effective corporate governance structure.

B. Regarding part A answer, I think trust play an important role which is connection between shareholders, managers and employees. Mr. Munger believes trust based system is more efficient than compliance-based system, but only if self-interested behavior among employees and executives is low. In trust based system manager can trust employees do things right and they will follow the rules. Hence, the company don’t need any control. However, most employees are self-interested and most companies don’t have high executives. Therefore, most companies need rules. Nevertheless, the trust still need in a company. Shareholders need to trust managers will understand structure and followed structure to make a proper decision. Managers need to trust employees will followed their direction and make a proper action. Everyone trusts people will do right things to achieve their expectation. If there is no trust between people, things can’t going on. Therefore, trust is a connection between shareholders, managers and employees.

C. First of all, internal audit is an independent and objective position. They don’t need to report to CEO/CFO. They can report to board or audit committee. Therefore internal auditors don’t control by CEO/CFO. They don’t need to worry about fire by CEO/CFO because they expose something. This makes them independent and objective. Secondly, the object of internal audit is to assurance information and consulting activity. It helps companies achieve goals by following regulations and prevent /detect fraud or other financial crimes by internal control. This helps companies monitor their activities more effectively. Thirdly, undergo analyze companies’ control, internal auditor could find some weaknesses which companies should improve in the future. They can help managers to improve or redesign the control system. This action actually add value to companies. Above three factors make internal auditors monitoring activities and control companies overall system effectively.

Traditional auditors like to use checking-the-box when they processing control. However, managers may think the auditors do nothing except draw some check-marks on their notes. Like some auditors believe managers do nothing except click the mouse. The reason for this situation is that they did not establish a common language. For the auditors side, it is necessary to establish a common risk language which managers know what auditors saying. That is to say let mangers know how much risk will be and what kinds of control should do. If auditors and managers establish common language like”inherent risk, residue risk”, managers will have a better understanding of the information to reach the goal.

According to the class, level of control can divided into corporate strategy and risk profile. Hence, both two factors can affect level of control. Most companies prefer low risk profile, if we assume corporate strategy is a constant number the level of control will be low. However, we live in a world of rapidly evolving. Things are changing in everywhere at anytime. Take internet for example, we may use a firewall today however, new virus may invade your computer tomorrow. The video “This is the world we live in” indicate that most companies want to drive strategy in a global economy. Correspondingly, their corporate strategy will become high and the level of control will become high as well. Even though a company’s risk profile is low, their level of control could be medium or high. Hence, with the development of the world, most companies’ level of control will grow.