Catch up here on our latest, news, events and publications
Sign up today for free governance and cyber conference NEW
ECIIA members can sign up today for a free cyber risk governance conference to be held in Brussels on 29 June hosted by MEP Antennas Guoga.
The event – organised jointly by ECIIA and FERMA – will present recommendations a new cyber risk governance model designed to include key internal stakeholders, the risk and audit committees. A working group representing risk managers and internal auditors from eight EU countries developed the model and other recommendations that will be presented at the event.
The proposed model will increase cyber-resilience, define the key stakeholders and the conditions for success.
European regulations requiring companies to report and pay tax on their profits in the country in which they arise moved a step closer this month.
The so-called country-by-country reporting regime is meant to prevent companies aggregating their profits from across the EU and paying tax in a jurisdiction of their own choosing.
And on 12th June, the ECON and JURI Committees of the European Parliament approved the proposals with possible exemptions for commercially sensitive information. Companies may be able to apply for exemptions to authorities in member states.
Internal audit would have an important role to play in assuring that the processes involved in collating tax information were robust and fit for purpose.
Speaking last summer at a breakfast meeting jointly organised by ECIIA and FERMA to discuss the implications of the new rules, ECIIA spokesman Silvio de Girolamo, Chief Audit Executive at Italy’s Autogrill, said: “As the third line of defence in organisations, and depending on the maturity of the tax processes, internal audit may provide assurance about tax reporting, or function as an adviser.”
He said internal auditors would be able to coordinate their work with chief risk officers and tax managers to ensure controls around tax reporting were complete and effective. This would also help minimise the duplication of the effort needed to comply with the new provisions.
After approving the draft report on the country-by-country tax proposals, the committees failed to reach the qualified majority needed to enter negotiations with the European Council. The draft report will now go to Plenary.
“Everything possible should be done to strengthen the role, position and independence of chief audit executives in all organisations and in all sectors across Europe,” the ECIIA has said in its response to recent EU’s DG Justice and Consumers consultation on whistleblowing.
Given the increasing distrust among the public of both government institutions and private business, the ECIIA said that the protection of whistle blowers and critical voices was more important than ever.
In the course of their duties, internal auditors often uncover weaknesses in an organisation’s key control processes and report that to the board and senior management.
“Against that background, it is vital that the chief audit executive should benefit from the strongest protection against the possibility of adverse treatment by senior management in response to those critical findings and comments – such as the termination of the working contract,” ECIIA President Henrik Stein says.
Internal auditors follow mandatory global standards for auditing and for ethical behaviour, Stein added. That should form the basis of a common approach for developing legal protection for internal auditors.
Internal auditors and SAIs share best practice
Internal auditors and representatives from supreme audit institutions shared best practices at a recent seminar in Brussels, organised jointly by ECIIA and EUROSAI.
For example, the Austrian Court of Audit said that it was creating knowledge communities with its internal audit partners to develop better processes for transferring operational knowledge to help increase the effectiveness of audits.
SAI Netherlands explained that building a robust working relationship with internal audit had led to it having unrestricted access to the electronic working files of the internal audit function. It also said it now discussed the performed auditors’ work in regular meetings with top management from the internal audit team.
“These collaborations are great examples of best practice,” ECIIA President Henrik Stein says. “ECIIA and EUROSAI will be jointly promoting such initiatives over the coming years.”
The professional bodies are planning to extend their partnership in a range of areas. Possible themes for future cooperation identified at the meeting included reducing costs in the public sector, reducing certain risks relating to cybersecurity, for example, and improving good governance in the public sector.