Catch up here on our latest news, events and publications
ECIIA Activity report: deepening governance community in Europe
ECIIA worked hard in 2016 to deepen its links with both the broader European governance community and its member institutes, according to its most recent Activity Report.
The Confederation strengthened its co-operation with rule-setters at the European Banking Authority, the European Central Bank and the European Commission through a series of consultations on internal audit guidance.
“We have played a very active part in promoting the value of internal audit in corporate governance structures this year,” Henrik Stein, ECIIA President, says. “That has included participating on working groups on non-financial reporting, for example, and making sure internal auditors’ voices are heard in important consultations.”
In addition, ECIIA strengthened its relationships with other professional bodies. That has included co-hosting events with the European Confederation of Directors’ Associations and the Federation of European Risk Management Associations.
“It is very important that the bodies involved in European corporate governance understand one another and share best practice and thought leadership,” Stein says. “I’m happy to say that collaboration between the different groups is growing stronger by the year.”
The Board and member representatives reformed the ECIIA’s Governance model, producing new Articles of Associations, which were approved at the Extraordinary General Assembly in October. In addition, two extended Board meetings with ECIIA member Chief Executive Officers helped reinforce the strong bonds between all parties.
EBA guidelines need to better reflect internal audit’s proper role
The European Banking Authority’s (EBA) Guidelines on internal governance need to better reflect internal audit’s proper role, the ECIIA has said in its response to a consultation on the issue.
“The general impression given throughout the guidelines is that internal audit is understood solely as a traditional and simple control function, checking and confirming adherence to existing rules,” ECIIA President Henrik Stein says in a letter to EBA. “However, internal audit has developed significantly in the past decade.”
Today, internal audit plays an important supporting role to management across the range of its management and supervisory functions, giving assurance, advice and insight, he adds.
Cyber security moves up agenda at Council of EU
A major conference on emerging cyber issues held under the Slovak Presidency of the Council of the European Union has highlighted the need for businesses to work harder in areas such as cyber security, cyber research and development, crime, defence and diplomacy.
Over 180 delegates attended the gathering in Brussels in December to discuss a range of issues that need urgent attention. Those included how the Network and Information Security Directive (NIS) and the EU’s €1.8bn public-private partnership will help in the fight against cybercrime.
“This is an important initiative in an area of rapid change,” ECIIA President Henrik Stein says. “Internal auditors will need to pay close attention to the outcome of such discussions if they are to continue to provide sound assurance over their organisations’ cyber responsibilities.”
Meanwhile, ECIIA and the Federation of European Risk Management Associations (FERMA) have already launched a joint initiative aimed at helping organisations strengthen their cyber defences. Its key objective is to help businesses define the best governance model when managing cyber risk.
ECIIA and FERMA collaborate in cyber risk initiative
Given the growing risk posed by cyberattacks on businesses across Europe, ECIIA and the Federation of European Risk Management Associations (FERMA) have launched a joint initiative aimed at helping organisations strengthen their cyber defences.
The group’s key objective is to help define the best governance model when managing cyber risk. The two bodies set up a working group to explore the scope and range of the work needed, which held its first meeting on 11 January 2017 in Brussels.
“We want to explore ways of helping organisations create better risk management and auditing structures to deal with this threat,” Henrik Stein, ECIIA President, says. “Given the fast-moving nature of cyber-risk and recent European legislative changes, a fresh look at how such threats are managed is timely.”
The group will The European Parliament adopted the Network and Information Security Directive in July 2016, which EU countries have 21 months to transpose into local legislation – and an extra six months to designate national authorities to deal with cyber matters. The legislation is aimed at strengthening Europe’s cyber defenses.
In May 2016, it adopted the General Data Protection Regulation, which comes into effect on 25th May 2018. The legislation introduces tougher measures on data protection and higher sanctions for those who do not comply.
The ECIIA/FERMA working group aims to publish its preliminary findings in the summer.
Non-financial and diversity guidance due Spring 2017
The EC is producing non-binding guidance on how to implement its directive on the disclosure of non-financial and diversity information (2014/95/EU). Originally planned for publication in December 2016, the guidance is now expected in Spring 2017.
The directive requires around 6,000 large organisations to disclose the environmental and social impacts of their activities in their management reports. The first reports are due in 2018, based on financial years that end in 2017.
The European Union has put plans to introduce country-by-country accounting disclosures on ice. Instead, it is revising the existing Shareholder Rights Directive in a move that could create new opportunities for internal auditors, ECIIA says.
The revised directive establishes specific requirements to encourage shareholder engagement in the long term and increase transparency.
Lucia Žitňanská, Minister for Justice of Slovakia, who helped broker the agreement with the EU, said: “The financial crisis revealed that in many cases shareholders supported excessive short-term risk-taking by managers. The revised directive is intended to redress this situation and contribute to the sustainability of companies, which will in turn help generate growth and create jobs.”
Companies will need to improve the transparency of their reporting in several areas – including directors’ performance and remuneration, shareholder engagement and related-party transactions.
“These will be new areas of disclosure for many and having assurance that companies’ reports are fit for purpose will be key,” Henrik Stein, ECIIA President, says. “Internal auditors are well-placed to provide that support and should work with their organisations to ensure that the processes underpinning those requirements provide accurate and timely information.”