Evaluating corporate governance: a key responsibility of auditors

Just as individuals ensure healthier lives by following certain principles, corporations maintain sound management and accountability by adhering to defined governance standards—collectively known as corporate governance.

Corporate governance provides the strategic direction, transparency, and accountability necessary for sustainable success, aligning the organisation's decisions and performance with the interests of shareholders and stakeholders.

While a corporate governance framework guides an organisation's operations, the financial statements reflect those operations as carried out under governance principles.

Auditors safeguard stakeholder interests by providing reasonable assurance that the financial statements present a true and fair view, making their role inherently linked to the governance framework, its implementation, and its resulting operational and financial outcomes.

In accordance with the International Standards on Auditing (ISA), auditors perform their work using sample-based examinations, enabling them to form a reliable opinion on the financial statements.

Sample selection is driven by the assessment of audit risk, which is evaluated through an analysis of corporate governance comprising: (i) strategic guidelines/framework—board oversight and documented policies and procedures; and (ii) internal controls—the implementation of processes to ensure operational efficiency, reliable financial reporting, compliance with laws and regulations, and effective risk management.

Thus, evaluating the adequacy of governance is a fundamental part of the auditor's responsibility, underpinning the assessment of audit risk and the design of appropriate audit procedures.

For listed companies, auditors review the entity's compliance with the Corporate Governance Code issued by BSEC on 3 June 2018.

This includes the structure of the board as recorded with the RJSC; the qualifications of directors (including independent directors); the roles of senior management; the functioning of board committees; the conduct of meetings; governance of subsidiaries; the code of conduct; and the activities of the Audit Committee and NRC, along with restrictions on external auditors.

Required disclosures on the company's website and the separate corporate governance report are also examined.

These assessments, together with applicable laws such as the Companies Act, 1994 and securities laws and directives issued by BSEC, inform audit planning and execution.

For banks and financial institutions, auditors must additionally review prudential guidelines issued by Bangladesh Bank.

For insurance companies and other regulated sectors, relevant guidelines of their respective authorities are considered.

In the case of unlisted and private companies, governance evaluation is conducted under the Companies Act, 1994, complemented by internal policies and standard practices.

In line with the governance framework—covering governance structure, oversight responsibilities, and internal controls—auditors must assess audit risk for all types of organisations, including listed and non-listed companies, private entities, banks, financial institutions, insurance companies, and microcredit institutions.

This assessment is essential for designing appropriate sampling procedures. However, many auditors bypass this requirement and rely on a simplified, traditional approach, selecting samples without properly identifying operational or financial risks.

Audit programs are often prepared with limited evaluation of internal controls, resulting in incomplete coverage and inadequate documentation.

As a result, significant risk areas remain unexamined, leading to poor-quality audits and weaknesses that emerge later.

A recurring concern is that auditors overlook the Corporate Governance (CG) compliance report in listed entities, despite the need to review it before completing the financial audit.

When prepared only afterward, the report cannot fulfill its intended governance purpose.

In conclusion, a robust assessment of corporate governance is essential for planning a risk-responsive audit.

By evaluating governance, oversight, and internal controls—and obtaining sufficient evidence—auditors can design an effective audit programme, ensure an efficient audit process, and issue a sound professional opinion on the adequacy of an entity's governance framework and its overall financial position and performance.

The writer is a fellow member of ICAB and a partner at Basu Banerjee Nath & Co., Chartered Accountants.