|Pressure is mounting on directors to maintain close oversight of executive pay and benefits programs; a new IIA Practice Guide will enable internal auditors to help the board balance its fiduciary responsibilities to stakeholders with its responsibility to compensate senior management fairly. |
The IIA’s new Practice Guide, Auditing Executive Compensation and Benefits should be highly useful to CAEs during the process of planning and implementing audit strategies and programs to provide the board with assurance that appropriate and effective controls are in place around ECB programs. The guide explores, among other topics, key executive compensation risks that should be thoroughly understood before assessing whether the controls and governance over ECB programs are effective.
These controversial risks include:
Excessive, illegal, or unethical ECB could be misclassified or otherwise hidden within the financial statements. Operating or financial data could be manipulated to trigger incentive-compensation payments or artificially inflate the value of stock options.
Failure to effectively construct, communicate, and if necessary defend ECB strategies could expose the organization to reputation-tarnishing challenges from shareholders, employees, the media, regulators, and other stakeholders. The organization’s reputation also could be negatively impacted if stakeholders perceive that its ECB programs reward failure or socially unacceptable behavior such as disregard of the environment.
If the ECB program is not competitive with those of peer organizations, key executives could depart, and the organization could be unable to attract replacements with comparable skills and experience. The resulting leadership void could render the organization incapable of meeting the performance expectations of investors and other stakeholders.
Highly complex ECB programs could trigger errors or fraud because calculating proper payments requires the effective operation of many in-house departments and systems. Poorly designed ECB programs tempt management to take excessive risks, commit fraud, or engage in unethical behavior to gain compensation tied to the achievement of short-term performance targets.
“The highly complex executive pay programs of many organizations, not just large ones, contain inherent risks. Poor design could trigger a wide range of unintended consequences ranging from management fraud, to inadvertent over- or under-payments, to a drain of organizational talent. Worse still, such unintended and unanticipated actions often play themselves out very visibly in the media, potentially resulting in long-term reputation damage,” Davis says. “Internal auditors can add great value to the organization by continually monitoring related risks and controls and bringing their findings and recommendations to the attention of management and the board to avoid a crisis.”