In a letter to the body – and during a face-to-face meeting – ECIIA said that DG FISMA should promote the governance model in its non-binding guidance to companies on dealing with non-financial reporting. The ECIIA is part of DG FISMA’s stakeholder group, which enabled the conversations to take place.
Under the model, the first and second lines of defence are responsible for internal controls and risk management, while internal audit provides independent assurance that those systems are well-designed and functioning properly.
“The model puts internal auditors in an ideal position to assist companies in ensuring accuracy in non-financial reporting,” Henrik Stein, ECIIA President, says.
Internal auditors perform their review based on the International Professional Practices Framework, ECIIA said in its response to a formal consultation on the issue. It said internal auditors could provide the board with assurance that their reporting systems were properly aligned with the guidance and capable of producing reliable information.
ECIIA members are invited to sign up today for a major debate at the 20th European Corporate Governance Conference to take place on 4th May in Malta.
The conference will open with keynote speeches from the Maltese Minister for Finance, Edward Scicluna, and the Commissioner for Justice, Consumers and Gender Equality, Věra Jourová.
Panel discussions on creating long-term value, rebuilding trust with corporate governance, corporate social responsibility and digitisation promise to tackle the most pressing issues facing internal auditors and their stakeholders. Silvio de Girolamo, ECIIA Board Member and Chief Audit Executive, Autogrill Group, is a panellist.
“This conference represents a fantastic opportunity for auditors to get up-to-speed with the most recent corporate governance thought-leadership,” Henrik Stein, ECIIA President, says. “The lessons learned should help auditors better understand where their work can add value.”
EBA guidelines need to better reflect internal audit’s proper role
The European Banking Authority’s (EBA) Guidelines on internal governance need to better reflect internal audit’s proper role, the ECIIA has said in its response to a consultation on the issue.
“The general impression given throughout the guidelines is that internal audit is understood solely as a traditional and simple control function, checking and confirming adherence to existing rules,” ECIIA President Henrik Stein says in a letter to EBA. “However, internal audit has developed significantly in the past decade.”
Today, internal audit plays an important supporting role to management across the range of its management and supervisory functions, giving assurance, advice and insight, he adds.
Cyber security moves up agenda at Council of EU
A major conference on emerging cyber issues held under the Slovak Presidency of the Council of the European Union has highlighted the need for businesses to work harder in areas such as cyber security, cyber research and development, crime, defence and diplomacy.
Over 180 delegates attended the gathering in Brussels in December to discuss a range of issues that need urgent attention. Those included how the Network and Information Security Directive (NIS) and the EU’s €1.8bn public-private partnership will help in the fight against cybercrime.
“This is an important initiative in an area of rapid change,” ECIIA President Henrik Stein says. “Internal auditors will need to pay close attention to the outcome of such discussions if they are to continue to provide sound assurance over their organisations’ cyber responsibilities.”
Meanwhile, ECIIA and the Federation of European Risk Management Associations (FERMA) have already launched a joint initiative aimed at helping organisations strengthen their cyber defences. Its key objective is to help businesses define the best governance model when managing cyber risk.
ECIIA and FERMA collaborate in cyber risk initiative
Given the growing risk posed by cyberattacks on businesses across Europe, ECIIA and the Federation of European Risk Management Associations (FERMA) have launched a joint initiative aimed at helping organisations strengthen their cyber defences.
The group’s key objective is to help define the best governance model when managing cyber risk. The two bodies set up a working group to explore the scope and range of the work needed, which held its first meeting on 11 January 2017 in Brussels.
“We want to explore ways of helping organisations create better risk management and auditing structures to deal with this threat,” Henrik Stein, ECIIA President, says. “Given the fast-moving nature of cyber-risk and recent European legislative changes, a fresh look at how such threats are managed is timely.”
The group will The European Parliament adopted the Network and Information Security Directive in July 2016, which EU countries have 21 months to transpose into local legislation – and an extra six months to designate national authorities to deal with cyber matters. The legislation is aimed at strengthening Europe’s cyber defences.
In May 2016, it adopted the General Data Protection Regulation, which comes into effect on 25th May 2018. The legislation introduces tougher measures on data protection and higher sanctions for those who do not comply.
The ECIIA/FERMA working group aims to publish its preliminary findings in the summer.