Blog

Catch up here on our latest news, events and publications

EBA guidelines need to better reflect internal audit’s proper role
February 2017

The European Banking Authority’s (EBA) Guidelines on internal governance need to better reflect internal audit’s proper role, the ECIIA has said in its response to a consultation on the issue.

“The general impression given throughout the guidelines is that internal audit is understood solely as a traditional and simple control function, checking and confirming adherence to existing rules,” ECIIA President Henrik Stein says in a letter to EBA. “However, internal audit has developed significantly in the past decade.”

Today, internal audit plays an important supporting role to management across the range of its management and supervisory functions, giving assurance, advice and insight, he adds.

An up-to-date definition of audit’s role can be found in the IIA’s International Professional Practices Framework (IPPF). This includes the International Standards for the Professional Practice of Internal Auditing, the definition of internal auditing, the code of ethics, practice advisories and other guidance.

Read ECIIA’s specific proposals here.

Cyber security moves up agenda at Council of EU
February 2017

A major conference on emerging cyber issues held under the Slovak Presidency of the Council of the European Union has highlighted the need for businesses to work harder in areas such as cyber security, cyber research and development, crime, defence and diplomacy.

Over 180 delegates attended the gathering in Brussels in December to discuss a range of issues that need urgent attention. Those included how the Network and Information Security Directive (NIS) and the EU’s €1.8bn public-private partnership will help in the fight against cybercrime.

“This is an important initiative in an area of rapid change,” ECIIA President Henrik Stein says. “Internal auditors will need to pay close attention to the outcome of such discussions if they are to continue to provide sound assurance over their organisations’ cyber responsibilities.”

Meanwhile, ECIIA and the Federation of European Risk Management Associations (FERMA) have already launched a joint initiative aimed at helping organisations strengthen their cyber defences. Its key objective is to help businesses define the best governance model when managing cyber risk.

For a summary of the conference, click here.

ECIIA and FERMA collaborate in cyber risk initiative
January 2017

Given the growing risk posed by cyberattacks on businesses across Europe, ECIIA and the Federation of European Risk Management Associations (FERMA) have launched a joint initiative aimed at helping organisations strengthen their cyber defences.

The group’s key objective is to help define the best governance model when managing cyber risk. The two bodies set up a working group to explore the scope and range of the work needed, which held its first meeting on 11 January 2017 in Brussels.

“We want to explore ways of helping organisations create better risk management and auditing structures to deal with this threat,” Henrik Stein, ECIIA President, says. “Given the fast-moving nature of cyber-risk and recent European legislative changes, a fresh look at how such threats are managed is timely.”

The group will The European Parliament adopted the Network and Information Security Directive in July 2016, which EU countries have 21 months to transpose into local legislation – and an extra six months to designate national authorities to deal with cyber matters. The legislation is aimed at strengthening Europe’s cyber defences.

In May 2016, it adopted the General Data Protection Regulation, which comes into effect on 25th May 2018. The legislation introduces tougher measures on data protection and higher sanctions for those who do not comply.

The ECIIA/FERMA working group aims to publish its preliminary findings in the summer.

Non-financial and diversity guidance due Spring 2017
December 2016

The EC is producing non-binding guidance on how to implement its directive on the disclosure of non-financial and diversity information (2014/95/EU). Originally planned for publication in December 2016, the guidance is now expected in Spring 2017.

The directive requires around 6,000 large organisations to disclose the environmental and social impacts of their activities in their management reports. The first reports are due in 2018, based on financial years that end in 2017.

New reporting requirements shift disclosure focus
December 2016

The European Union has put plans to introduce country-by-country accounting disclosures on ice. Instead, it is revising the existing Shareholder Rights Directive in a move that could create new opportunities for internal auditors, ECIIA says.

The revised directive establishes specific requirements to encourage shareholder engagement in the long term and increase transparency.

Lucia Žitňanská, Minister for Justice of Slovakia, who helped broker the agreement with the EU, said: “The financial crisis revealed that in many cases shareholders supported excessive short-term risk-taking by managers. The revised directive is intended to redress this situation and contribute to the sustainability of companies, which will in turn help generate growth and create jobs.”

Companies will need to improve the transparency of their reporting in several areas – including directors’ performance and remuneration, shareholder engagement and related-party transactions.

“These will be new areas of disclosure for many and having assurance that companies’ reports are fit for purpose will be key,” Henrik Stein, ECIIA President, says. “Internal auditors are well-placed to provide that support and should work with their organisations to ensure that the processes underpinning those requirements provide accurate and timely information.”

Tags: EU, reporting