Corporate Governance Index shows improvement but new areas of concern are emerging

Cybersecurity remains a big concern. REUTERS/Kacper Pempel/Files

Cybersecurity remains a big concern. REUTERS/Kacper Pempel/Files

Published Feb 1, 2023

Share

The 9th edition of the Institute of Internal Auditors South Africa’s (IIASA) Corporate Governance Index (CGI) report has revealed that in the past two years, organisations have been directing efforts to improve corporate governance ratings, as part of their strategic priority objectives.

These efforts have given reason for the country’s 2.9 CGI score in 2022, a slight improvement from 2.8 out of 4 in 2020.

“The credibility and importance of CGI is that it can be viewed as a barometer to measure the state of governance in organisations by rating seven governance dimensions. These include ethics, compliance, leadership, performance, operational risk, external risk, and assurance,” the report said.

IIASA CEO, Julius Mojapelo, said in a media statement that in the past two years, their overall view on corporate governance had improved, and local organisations were “indeed focusing their efforts on improving their corporate governance ratings, as part of their key strategic priority objectives”.

The report specifically showed improved results in the agriculture, defence, mining, wholesale and retail sectors. “Positively, these sectors have improved their governance ratings in ethics, leadership, risk, and performance in 2022, whereas in previous years they have been rated much lower, Mojapelo said.

The report also focuses on unethical behaviour, corruption, and the protection of whistle-blowers, which are focal points in line with the current governance environment of volatility, uncertainty, complexity, and ambiguity that organisations are experiencing and exposed to, he said.

The report identified the top three emerging risks that organisations should be aware of, mainly: cybersecurity, political interference, and fraud detection.

“Cybersecurity has also been a concern for organisations and companies across the world for years, and threats are evermore voluminous, persistent, and sophisticated,” the report said.

“These threats scale in complexity and are rapid alongside every bite of data. While in the past two years, companies have come to understand the imperativeness to get cybersecurity right, the statistics suggest cyberbullies are still winning.

“However, as cyberattacks worsen, internal audit is becoming a critical player in enterprise cybersecurity and assurance in curbing cyberattacks,” the report said.

Another risk of concern is political interference, which the auditor-general (AG) had flagged and expressed concerns about to Parliament.

These concerns include municipalities and their inability to complete the most basic reporting functions that hinder auditing firms to do their job correctly.

Portfolio committees also asked about relevant legislation available to assist the AG, the safety of the AG’s staff and independent auditors when conducting the audit reports, issues and concerns with municipalities that had undesirable audit outcomes, and the way forward to address these issues without fear of lives.

The report said with regard to fraud detection auditors were often criticised when fraud is discovered. “Although fraud detection is not an audit’s main purpose, it is an important secondary purpose.

“Internal auditors should examine all company activities, not just those that are most convenient to examine. Furthermore, there is a need for efforts by internal auditors to detect fraud,” it said.

BUSINESS REPORT