Blog

ECIIA-Blog-header

Catch up here on our latest, news, events and publications

EC to update non-financial reporting directive NEW
October 2018

The European Commission (EC) is planning to update its non-binding guidance on how to implement the Non-Financial Reporting Directive and set out proposals for consultation in June 2020. The directive, which affects about 6000 companies in Europe, sets out how organisations can effectively communicate the environmental, social and ethical impacts of their behaviour to stakeholders.

Any new guidance is likely to aim at strengthening the link between the existing directive and the recommendations of the Task Force on Climate-related Financial Disclosures and a forthcoming taxonomy of sustainable economic activities, delegates heard in October at a meeting organised by DG FISMA — Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA).

Delegates heard how businesses in different countries had sought to implement the directive. In Germany, for example, companies had used a broad variety of formats to report non-financial data. In addition, 81% of companies had their statements audited with limited assurance, with only half publishing an audit certificate in this area, according to a recent study. A separate study examining 80 companies based in France, Germany and the UK, suggested that while almost all reported on their non-financial reporting policies, there was a lack of connection between the policies and outcomes, key performance indicators and risk .

Finally, the EC presented the results of its own initial consultation on how the directive is being implemented. “Some factors are affecting the effectiveness of the directive include the flexibility of the framework, the materiality definition and the assurance process of the information,” according to Tom Dodd, the B3 policy case officer for corporate transparency.

“While the implementation of the directive is still in its early phases across Europe, it is already clear that companies are struggling with the providing assurance that the data that goes into their non-financial reports is robust and reliable,” Farid Aractingi, ECIIA President, says. “That is clearly an area that internal auditors can help with because of their unique oversight role in their organisations.”

ECIIA has already advocated to DG FISMA that businesses adopt the three lines of defence model of corporate governance. Under the model, the first and second lines of defence are responsible for internal controls and risk management, while internal audit provides independent assurance that those systems are well-designed and functioning properly. “The model puts internal auditors in an ideal position to assist companies in ensuring accuracy in non-financial reporting,” Aractingi says.

Click here for more information on the event and copies of the individual presentations made by participants.

ECIIA response to the European Commission consultation ‘Fitness check on the EU framework for public reporting by companies’ NEW
October 2018

ECIIA welcomes the Commission’s fitness check initiative on the EU framework for public reporting by companies.

We believe that the objective of this fitness check on corporate reporting should be to simplify and better tailor the information provided to the need of creditors, investors, and shareholders, instead of creating new layer(s) of requirements or increasing the disclosure requirements.

ECIIA General Assembly 2018
October 2018
The ECIIA General Assembly took place on October 6 in Madrid.
The Board of Directors has welcomed a new representative for Italy: Gianfranco Carolia,  Chief Audit Executive of Ferrovie dello Stato Italiane S.p.A., Member of the Audit Committee of FAO, Founding member of AITRA, Member of the Audit Committee of EBU  and Board and Executive Committee Member of IIA Italy.
Farid Aractingi, Chief Audit, Risk and Organisation Officer of Renault, Chairman of Audit Committees (Bank, Distribution) and previous Chairman of the Board of the IFACI, the French Institute of Internal Auditors has been renominated as ECIIA President.
Gabrielle Rudolf von Rohr, Director at the Cantonal Financial Control in Solothurn and President of IIA Switzerland has been renominated as Treasurer of ECIIA.
Verra Marmalidou, Deputy Director at National Bank of Greece Group Internal Audit and President of IIA Greece has been renominated for 2 years as ECIIA Board member.
Tomáš Pivoňka, Chief Audit Executive at CEZ and President of Czech IIA has been renominated for 2 years as Board member.
The ECIIA Annual Report and the advocacy plans for 2018/2019 have been presented at this occasion.
EBA’s draft regulations on outsourcing need tighter focus
September 2018

The European Banking Authority’s (EBA) draft Guidelines on outsourcing (EBA/CP/2018/11) should give more emphasis on the role of the first and second lines of defence in the oversight of outsourced activities, ECIIA has said in its written response to the consultation.

More specifically speaking, the response continued, management should be in charge of the operational side of the outsourcing arrangements, while risk management and other compliance functions should monitor whether the process is performed properly.

“The internal audit function plays the role of being a third line of defence in such arrangements,” ECIIA Banking Committee Chair Henrik Stein said. “Internal audit must focus on the assurance of the outsourcing framework in terms of the risks that may be being taken.”

“While we believe that EBA’s revision of its guidelines are timely and important, we strongly urge it to reflect best practice by specifically including reference to the three lines of defence governance structure in its new provisions.”

In addition, ECIIA urged EBA to lighten the principles for outsourcing arrangements between different entities within a group of companies because of the lower risk exposure this creates compared to external outsourcing. Similarly, “a distinction should be made for outsourcing services within the European area for those highly-regulated services – such as IT and financial modelling – and other services,” the response to the consultation said.

The ECIIA also said that the role of a risk-based approach to internal audit should be more clearly emphasised. While the document does acknowledge the that risk-based assessment should form part of the audit planning process, it also tries to lay down some requirements in the plan in respect of outsourcing arrangements.

“The inclusion of the outsourced arrangements – or otherwise – in the audit plan should be solely dependent on the results of the risk-based assessments carried by the audit function,” Stein said. “It’s hard to see how that would be helped by prescribing in advance what should be covered.”

EBA’s draft guidelines define which arrangements with third parties are considered as outsourcing and provide criteria for the identification of critical or important functions, which have a stronger impact on the financial institution’s risk profile or on its internal control framework. It says that where such critical or important functions are outsourced, stricter and stronger requirements should apply compared to other outsourcing arrangements.

Risk in Focus 2019: Hot topics for internal auditors
September 2018
We are happy to share the third edition of Risk in Focus defining hot topics for Internal Auditors.
This edition is the result of a collaborative effort between seven European institutes of internal auditors in France, Germany, Italy, the Netherlands, Spain, Sweden and the UK and Ireland. As previously,  Chief Audit Executives (CAEs) have been interviewed in all of these territories and across sectors as part of the qualitative research into priority risk areas that are expected to be addressed in audit plans for 2019 — and further into the future. To supplement the interview process, this year for the first time a survey was distributed that received 311 responses. The European institutes of internal auditors are immensely grateful to everybody who contributed to this report, both the 300- plus CAEs who responded the survey and especially the 42 executives who gave up their time to be interviewed.
The 10 priority risk areas internal audit should address in 2019 are:
  1. Cybersecurity: IT governance & third parties
  2. Data protection & strategies in a post-GDPR world
  3. Digitalisation, automation & AI: technology adoption risks
  4. Sustainability: the environment & social  ethics
  5. Anti-bribery & anti-corruption compliance
  6. Communications risk: protecting brand & reputation
  7. Workplace culture: discrimination & staff inequality
  8. The new era of trade: protectionism & sanctions
  9. Risk governance & controls: adapting to change
  10. Auditing the right risks: taking a genuine risk-based approach

Find out the detailed results of the study here.

Theme author: Web developer Front End Developer Wordpress developer Web developer Front End Developer Wordpress developer Notariusz Szczecin