To ease doing business, manage risks

A World Bank team of experts report ranked Rwanda in the 150th position out of the 178 selected economies, on “2007 ease of doing business”.

A World Bank team of experts report ranked Rwanda in the 150th position out of the 178 selected economies, on “2007 ease of doing business”.

Singapore ranked first while the Democratic Republic of Congo tailed. The doing business project, provides objective measures of business regulations and their enforcement throughout 178 countries.

It is believed that, doing business information, guides the assessment of regulations that directly impact on economic growth, underlying laws, making cross country comparisons, and identifying good practice reforms.

Protecting investors

The indicators that measure investor protection as per the report include: transparency of transactions (extent of disclosure index), liability for self-dealing (extent of director liability index), shareholders’ ability to sue officers and directors for misconduct (ease of shareholder suits index) and strength of investor protection index.

The indexes vary between 0 and 10, with higher values indicating greater disclosure, greater liability of directors, greater powers of shareholders to challenge the transaction, and better investor protection.

When company assets are managed well, then investors are assured of a healthy business environment. Shareholders suits index; which is likely to affect other indicators may be improved.

Greater shareholders’ powers to challenge the transactions need high risk management parameters. There must be a system in place that allows for corrective action and penalising mismanagement. Responsible management should do whatever it takes to set the company on the right path.

Certifying the shareholders’ expectations, at the same time meeting other stakeholders’ expectations, are the core tasks of executive directors; thus conflict of interests arises, and need high professional skills. 

Shareholders should be vigilant in proposing members of the board. If board of directors act responsively, then you are assured of a corporate governance system in place. 

Internal audit:

One of the corporate governance measure in risk management is an internal audit function.The internal audit function is one of the fundamental “checks and balances” for sound corporate governance.

The community’s expectations of boards and senior management, and of those charged with providing an independent review of a company’s operations and financial accounts, have to be raised.

To meet those expectations, governments and regulatory authorities around the globe have mounted intensive campaigns to improve standards of corporate behaviour and transparency.

They are doing this through the international harmonisation of accounting standards, strengthening the principles of corporate governance, lifting the bar on the “suitability and modesty” of directors and managers.

Stakeholders have also are introducing improved market disclosure standards. It is, in this endeavour that Rwanda has come up with an institution of certified accountants which we expect to be in force early next year.

In this demanding environment therefore, boards and senior management need quality advice from sources that can be trusted and that can offer an objective viewpoint.

There is a need to ensure that internal audit is organised, resourced and empowered so that it can provide competent, impartial and brave advice.

Internal audit functions vary from a narrow concern with compliance or financial accounts to a broader remit reviewing efficiency and effectiveness or acting as an internal consultant.

Role of internal audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.

It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Remember, the basic function of internal audit is independent appraisal of an institution’s internal controls, including controls over financial reporting. Simply put, it is about reviewing activities to ensure that they are carried out as intended.

Of course, a by-product of internal audit will be recommendations on internal control and process improvements that could be made, an important role for internal audit in large and complex financial institutions in particular.

Risk management, on the other hand, is about identifying and assessing inherent risks in the products and activities of an institution, and ensuring that appropriate risk management limits, control mechanisms and mitigation strategies are in place to contain risk within the institution’s risk appetite.

It is critical in helping an institution plan its strategic response to its changing risk profile and ensuring effective risk management processes are in place to respond quickly.

Yes, a checking function (similar to internal audit) is often involved to ensure that the risk control framework is in place and operating as intended; internal audit also plays a complementary role in evaluating whether the controls are practical, whether they are functional and how they might be circumvented.

The distinction is that risk management has the important and continuous responsibility of understanding how actual risk facing the institution is changing periodically, and assessing if the risk limits, controls or mitigations need updating.

Of course, institutions need to ensure cooperation between internal audit and risk management and a clarification of roles, so that unintended gaps do not emerge.

For example, as new procedures are put in place to address emerging risks, the risk management function needs to keep internal audit informed and, vice-versa, if internal audit identifies any weakness or gaps in the application of risk controls.