All businesses, and publicly traded corporations in particular, have faced governance needs and requirements issues going back to their earliest days. For many enterprises, senior management often initially took the lead in setting business and compliance rules and policies for their employees and others to follow. Internal auditors, of course, have made recommendations to improve enterprise governance through their reviews of internal controls. But while internal audit reviews and even management attention often focus on single operating units or corporate office issues, many of today’s larger, multiunit enterprises need improved broad-based facilities for setting rules and procedures—they need efficient and effective governance processes.

Life would be easier for those same enterprises if they just had to rely on strong central leadership, such as a dominant CEO, to authorize and direct implementation of any required governance rules. However, enterprises today at any location or size are faced with ever increasing sets of rules and procedures ranging from local police and public safety ordinances to state, national and sometimes international government-issued rules and laws as well as some broad professional rules. An enterprise must comply with these laws and regulations on a whole series of levels, and compliance failures can potentially result in a variety of penalties. Internal audit can often ...