Catch up here on our latest, news, events and publications
ECIIA hosts the first European Forum for Internal Audit, Banking, Regulation and Supervision NEW
ECIIA launched the inaugural meeting of the European Forum for Internal Audit, Banking, Regulation and Supervision in Frankfurt am Main between November 20 to 21, 2017.
“Good governance requires an effective and independent risk management function, including strong compliance and internal audit operations,” said Pentti Hakkarainen, Executive Director of the European Banking Authority, in a keynote speech at the event. “Internal audit needs sufficient standing, they must be independent from the other functions, and they require direct access to the board.”
Hakkarainen added that internal audit ensures that internal processes and risk management are functioning effectively. But while compliance was important, internal audit should aim at improving their institutions’ governance and business conduct. “Effective internal audits ensure sound governance and reduce operational risks,” he said.
“Supervisors and Internal auditors must work together for mutual benefit,” Henrik Stein, Chairman of ECIIA’s Banking Committee, said in his keynote speech. “Internal auditors should remain independent – including from supervisors.”
Stein stress the importance of independent, value-adding internal audit in order to achieve a safe and sound banking sector. Thierry Thouvenot, ECIIA Vice Chairman, said that further positive co-operation and more open communication across the industry creating a level playing field for banks, more trust in the sector and higher international standards in his closing remarks at the conference.
Representatives from EBA, ECB and 80 chief audit executives attended from SSM supervised banks.
“Risk managers and internal auditors play an important role of coordination and cooperation to build an effective and resilient cyber security system within an organisation,” ECIIA President Henrik Stein says. ”We hope to convince organisations and regulators about the importance of a strong governance model to mitigate cyber risks.”
The guidance outlines a comprehensive risk management approach to cybersecurity, a cyber awareness program covering everyone in the organisation from top to bottom and, most important, the interactions between the three lines of defense to facilitate the communication to the board that is ultimately responsible for the oversight of the cyber governance framework.
Internal auditors need to remain vigilant following recent data showing that macro risks, such as economic growth and the state of monetary policy, weigh heavily on the minds of chief executives in the insurance sector.
“Despite some positive developments, the continuing low-yield environment and the observation that market fundamentals might not properly reflect the underlying credit risk, are still important concerns for the European insurance industry,“ says European Insurance and Occupational Pensions Authority’s (EIOPA) quarterly risk dashboard.
This risk dashboard is based on EIOPA’s analysis of Solvency II data and represents the main risks and vulnerabilities in the European Union insurance sector.
“Internal auditors will welcome the headline news that the risk environment remains constant,” Hervé Gloaguen, chairman of ECIIA’s Insurance Committee. “But the continuing low interest rate environment, political instability in some countries, and the impact of adverse weather events mean that auditors need to be on their guard.”
It is important that internal auditors are positioned within each company to provide objective assurance over key risks. That is best achieved through the three lines of defence model of corporate governance, he added.
Cyber risk was the most commonly cited threat by heads of internal audit across Europe regardless of nationality or business sector, according to a new report written by some members of ECIIA.
The EU’s General Data Protection Regulation and the broader challenge of managing data came second in the surveyRisk in focus: hot topics for internal audit 2018. The pace of innovation businesses face was the third most widely cited risk concern.
“The defining theme of this report is the fundamental impact that technology has in shaping, enabling and disrupting organisations’ operations and strategies,” Farid Aractingi, ECIIA President said. “This is a pressure that requires internal auditors to learn new skills and adopt innovative tools to bolster their capabilities in an increasingly digital world.”
The report’s research team interviewed chief audit executives (CAEs) from major organisations in six European countries – France, Italy, the Netherlands, Spain, Switzerland and the UK.
Not surprisingly there were some regional differences. CAEs in the UK and Spain said that political uncertainty could expose their organisations to fresh threats and opportunities. In the UK, these views were largely prompted by the prospect of Brexit; in Spain they arose within multinational businesses having expanded into Mexico and the implications of the Trump administration’s hostile position towards the country.
Those in the financial services sector showed more concern over regulatory complexity than any other industry. Notably, for CAEs at institutions in France, Italy, the Netherlands and Spain the continuing development of the European Central Bank’s three-year old Single Supervisory Mechanism was cited as a risk.
The ECIIA elected Farid Aractingi as President of its management board at the body’s annual conference in Switzerland.
Aractingi (centre in image) was previously Vice President of ECIIA. He is Chief Audit, Risk and Organisation Officer of Renault and a former Chairman of the Board of the IFACI, the French Institute of Internal Auditors, where he is now an honorary member.
“I’m looking forward to building on the great progress ECIIA has made in being the voice of the internal audit profession across Europe,” Aractingi said. “Henrik has done a fantastic job of raising the profession’s profile and authority among our many stakeholders over the past three years. I intend to build upon that firm foundation.”
Henrik Stein stepped down as President.
Thierry Thouvenot (left in image) was elected Vice President. Thouvenot has been IIA Luxembourg Chairman since 2012. Gabrielle Rudolf von Rohr (right in image) was appointed ECIIA Treasurer.
Jens motel now represents IIA Germany on the board and Manuel de Alzua, IIA Spain. The former Yugoslav Republic of Macedonia became an ECIIA member for the first time.
The European Commission has launched measures to strengthen cyber security across Europe.
It proposes to extend the powers of ENISA, Europe’s current cyber agency. In particular, the proposals aim to ensure ENISA is better placed to support member states in implementing the NIS Directive. And the agency will become a centre of expertise on cybersecurity certification, if the proposals are approved.
“ECIIA welcomes the strengthening of cross-border efforts to tackle the growing threat of cybercrime,” Henrik Stein, ECIIA President, says. “A more standardised certification system for ICT products across Europe could help improve assurance and transparency in the market.”
Implementing the NIS Directive is seen by the Commission as vital plank in its cyber strategy.
“The NIS Directive is a first essential step with a view to promoting a culture of risk management, by introducing security requirements as legal obligations for the key economic actors,” says the paper.
Internal auditors will play an important role in ensuring organisations comply with the new security requirements and have systems in place to better combat cybercrime.
The cyber security package was issued by the Directorate-General for Communications Networks, Content and Technology.
It builds on the Commissions objectives to:
Increase capabilities and preparedness of member states and businesses
Improve cooperation and coordination across Member States and EU
institutions, agencies and bodies
Increase EU level capabilities to complement the action of Member States, in particular in the case of cross-border cyber crises
Boost awareness of citizens and businesses on cybersecurity issues
Increase the overall transparency of cybersecurity assurance of ICT products and services to strengthen trust in the digital single market and in digital innovation; and
Avoid fragmentation of certification schemes in the EU and related security
requirements and evaluation criteria across Member States and sectors.
Ten years on – greater focus on ethics still needed
Ten years on from the financial crisis a greater focus on ethics is needed in how businesses are exploiting new technologies, according to a recent report from the accountancy body ACCA.
Nearly two thirds of respondents in its recent survey Ethics and trust in a digital age call for strong ethical leadership. Just over half 54% call for guidance on a new code of ethics for the digital age.
‘In the digital age there needs to be more, not less, importance placed on the ethical and professional judgement of individuals,” Maggie McGhee, Director of professional insights at ACCA. “What many are calling for is guidance and leadership on how to respond.”
“All those involved in decision-making levels in business should be aware of how new technologies can affect their reputation and consider how to support their employees in doing the right thing,” she added.
“Internal auditors can help provide leadership in this area,” Henrik Stein, ECIIA President, says. “With their unique oversight role across the business, they are well-placed to objectively assess and investigate the overall ethical impact of digital developments throughout and beyond the organisation.”
The report provides guidance on how internal auditors and accountants can get up to speed in this fast-developing area, including:
Building knowledge of emerging technologies and digital issues to reduce risk of compromise to professional competence and due care
Combining process control with a strategic view to reduce the risk of unintended consequences
Evaluating mechanisms for reporting unethical behaviour to reduce the risk of breaches.