“Risk managers and internal auditors play an important role of coordination and cooperation to build an effective and resilient cyber security system within an organisation,” ECIIA President Henrik Stein says. “We hope to convince organisations and regulators about the importance of a strong governance model to mitigate cyber risks.”
The guidance outlines a comprehensive risk management approach to cybersecurity, a cyber awareness program covering everyone in the organisation from top to bottom and, most important, the interactions between the three lines of defense to facilitate the communication to the board that is ultimately responsible for the oversight of the cyber governance framework.
Ten years on – greater focus on ethics still needed
Ten years on from the financial crisis a greater focus on ethics is needed in how businesses are exploiting new technologies, according to a recent report from the accountancy body ACCA.
Nearly two thirds of respondents in its recent survey, Ethics and trust in a digital age, call for strong ethical leadership. Just over half (54%) call for guidance on a new code of ethics for the digital age.
“In the digital age there needs to be more, not less, importance placed on the ethical and professional judgement of individuals,” says Maggie McGhee, Director of professional insights at ACCA. “What many are calling for is guidance and leadership on how to respond.”
“All those involved in decision-making levels in business should be aware of how new technologies can affect their reputation and consider how to support their employees in doing the right thing,” she added.
“Internal auditors can help provide leadership in this area,” Henrik Stein, ECIIA President, says. “With their unique oversight role across the business, they are well-placed to objectively assess and investigate the overall ethical impact of digital developments throughout and beyond the organisation.”
The report provides guidance on how internal auditors and accountants can get up to speed in this fast-developing area, including:
Building knowledge of emerging technologies and digital issues to reduce risk of compromise to professional competence and due care
Combining process control with a strategic view to reduce the risk of unintended consequences
Evaluating mechanisms for reporting unethical behaviour to reduce the risk of breaches.
The EC has adopted guidelines to help companies better disclose the environmental and social impact of their activities.
The guidelines aim to help companies develop their non-financial reporting in ways that are more consistent and comparable. The EC says it wants to boost corporate transparency and performance, as well as encourage companies to embrace a more sustainable approach.
“Europe needs to take the lead in making economies greener and more sustainable,” Valdis Dombrovskis, Vice-President responsible for Euro and Social Dialogue, Financial Stability, Financial Services and Capital Market Union, said: “By providing relevant information on their environmental and social credentials, companies are doing themselves a favour and helping their investors, lenders and society at large.”
Meanwhile, the EC’s high-level expert group on sustainable finance has published its first report setting out concrete steps to create a financial system that supports sustainable investments. The Commission intends to explore some of the report’s recommendations that may help create a low carbon, more resource-efficient and sustainable economy.
“It will be very important for organisations to have robust processes underpinning their non-financial reporting systems,” Henrik Stein, ECIIA President, said. “Internal audit’s unique oversight position as the third line of defence gives it a critical role to play in helping organisations improve their non-financial reporting capabilities.”
The adoption of the new guidelines will supplement the already existing EU rules on non-financial reporting (Directive 2014/95/EU). Companies falling within its scope have to disclose relevant information on policies, risks and results as regards environmental matters, social and employee-related aspects, as well as respect for human rights, anti-corruption and bribery issues, and diversity on the boards of directors.
Internal auditors can strengthen fight against financial crime
The European Union’s fourth anti-money laundering directive, which came into effect at the end of June, outlines a greater role for internal audit in fighting financial crime, says ECIIA.
All organisations will need to strengthen their practices, policies and documentation showing that they have properly assessed the risks of breaching the new rules. And, under the directive, internal audit teams, where necessary, must test internal policies, controls and procedures.
“Given the unique position of internal auditors to work across an organisation’s entire enterprise, they will have an important role to play in providing assurance to the board that their business is ready for the fourth directive,” Henrik Stein, ECIIA President, says. “In addition, auditors can recommend improvements to how the risk assessment is conducted so that it meets the new rigorous requirements.”
Organisations need to demonstrate and document that risk assessments are conducted and kept up to date, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels. In addition, organisations will require written money laundering policies and procedures that take their business’ risk assessment into consideration.
European regulations requiring companies to report and pay tax on their profits in the country in which they arise moved a step closer this month.
The so-called country-by-country reporting regime is meant to prevent companies aggregating their profits from across the EU and paying tax in a jurisdiction of their own choosing.
And on 12th June, the ECON and JURI Committees of the European Parliament approved the proposals with possible exemptions for commercially sensitive information. Companies may be able to apply for exemptions to authorities in member states.
Internal audit would have an important role to play in assuring that the processes involved in collating tax information were robust and fit for purpose.
Speaking last summer at a breakfast meeting jointly organised by ECIIA and FERMA to discuss the implications of the new rules, ECIIA spokesman Silvio de Girolamo, Chief Audit Executive at Italy’s Autogrill, said: “As the third line of defence in organisations, and depending on the maturity of the tax processes, internal audit may provide assurance about tax reporting, or function as an adviser.”
He said internal auditors would be able to coordinate their work with chief risk officers and tax managers to ensure controls around tax reporting were complete and effective. This would also help minimise the duplication of the effort needed to comply with the new provisions.
After approving the draft report on the country-by-country tax proposals, the committees failed to reach the qualified majority needed to enter negotiations with the European Council. The draft report will now go to Plenary.