Catch up here on our latest, news, events and publications

Open access to data vital to role of internal audit NEW
January 2018

Internal auditors must be able to freely access any information they need to perform their work effectively, the ECIIA has said in response to the European Commission’s (EC) consultation on the free flow of non-personal data.

“Internal auditors use non-personal data in the course of their audits and report critical findings and comments to senior management, the board and the audit committee,” the ECIIA’s response said. “In particular, such data is used to report on weaknesses in internal control processes, risk management and practices in the organisation.”

The ECIIA said it supported the EC’s proposal to guarantee the access to any data across Europe, which, it added, was especially crucial for internal auditors working in a group with offices in different countries across Europe.

“On the basis of the Global Standards for the profession, internal auditors are bound to follow the requirements of mandatory professional guidance, so, in effect, they have a common approach across Europe,” ECIIA President Farid Aractingi said. “Therefore, subject to the principle of subsidiarity, it would be desirable also to take a common approach to the access of data for the Internal Auditors in Europe.”

The EC’s proposals are set out in its document State of the Union 2017: A framework for the free flow of non-personal data in the EU.

They are meant complement its already existing rules for personal data. The new rules will enable the storage and processing of non-personal data across the Union are intended to boost the competitiveness of European businesses and to modernise public services in an effective EU single market for data services.

Read the ECIIA’s letter of response to the consultation here.

Tags: data, EC
Internal auditors must speak out on governance
December 2017

ECIIA President Farid Aractingi tells the newspaper Les Echos-Cecile Desjardin that auditors must speak out on governance. Here is a translated transcript

What are the current challenges for the European Confederation of Institutes of Internal Auditing?

Working with others, internal auditors are important actors in a governance system that works towards creating sustainable performance. Governance is not an abstract principle dedicated only to ticking boxes in a regulatory framework. It requires a search for balance between the different actors of an organization. Those include the chairman, the CEO, and more generally between the board and the CEO. It also includes finding a balance between regulatory compliance and efficiency. This balance is guaranteed by the three main actors that build the governance system in an organisation: internal audit, risks management and internal controls. We serve the management but also inform them about any issues using our independent viewpoint.

At European level, it means that our profession must speak about corporate governance by, for example, participating on consultations on proposed European Directives, speaking during conferences, issuing discussion papers and guidance either produced solely by ECIIA or with our colleagues in other professional bodies – such as the Federation of European Risk Management Associations (FERMA).

Thanks to our oversight position over so many organisations’ operations, we can provide our unique perspective and recommendations to the European regulations on various issues, such as the management of personal data (GDPR), cybersecurity and audit reform.

How has internal audit evolved over the past few years?

Today, the profession is focused on five distinctive topics: independence, cross functionality, the discipline of execution, exercising pragmatic courage, and fulfilling our role as guardians of the temple of internal controls. Besides technical skills, soft skills are very important. Auditors must develop their capacity to manage contradictions. We must, at the same time; analyse and summarise, recommend control processes and innovate; understand deeply the business while retaining some “naiveté”; communicate verbally and on paper; and navigate between transparency and confidentiality.

All these changes have transformed internal auditors into a robust and well-equipped business partner, supported by both a panoramic 360° vision and a proven methodology, able to make a reliable, independent diagnosis about the issues of the organisation, and to be able to advise. To “win our seat at the table” means being heard by the board and the CEO. To achieve that we must always be more professional, a good communicator, flexible and reactive, with our global vision, searching for the best within all organisations.

Is the profession still attractive?

It depends from one country to the other. Today, more people want to become internal auditors in Athens or Istanbul than in Paris. Our ability to attract people into the profession is declining in Western Europe where internal audit departments have difficulties recruiting new people, although many young people are looking for a job. The profession requests discipline, rigour and a respect of methodologies. It requires flexibility, deadline management, as well as team work and stand-alone work. Maybe this is not in line with the expectations of new generations of workers.

Internal audit is very satisfactory intellectually, though. It is a training school in various domains where we can learn quickly as we change engagements every five to six weeks on average. The profession provides a good “social lift” for those passing through it, a period for developing discernment, and it is an extraordinary starting point to begin from in an organisation. After four years’ experience in internal audit, people can do anything and have a better idea of which area they want to work.

Auditors must remain vigilant
October 2017

Internal auditors need to remain vigilant following recent data showing that macro risks, such as economic growth and the state of monetary policy, weigh heavily on the minds of chief executives in the insurance sector.

“Despite some positive developments, the continuing low-yield environment and the observation that market fundamentals might not properly reflect the underlying credit risk, are still important concerns for the European insurance industry,“ says European Insurance and Occupational Pensions Authority’s (EIOPA) quarterly risk dashboard.

This risk dashboard is based on EIOPA’s analysis of Solvency II data and represents the main risks and vulnerabilities in the European Union insurance sector.

“Internal auditors will welcome the headline news that the risk environment remains constant,” Hervé Gloaguen, chairman of ECIIA’s Insurance Committee. “But the continuing low interest rate environment, political instability in some countries, and the impact of adverse weather events mean that auditors need to be on their guard.”

It is important that internal auditors are positioned within each company to provide objective assurance over key risks. That is best achieved through the three lines of defence model of corporate governance, he added.


Cyber risk tops internal audit list
October 2017

Cyber risk was the most commonly cited threat by heads of internal audit across Europe regardless of nationality or business sector, according to a new report written by some members of ECIIA.

The EU’s General Data Protection Regulation and the broader challenge of managing data came second in the survey Risk in focus: hot topics for internal audit 2018. The pace of innovation businesses face was the third most widely cited risk concern.

“The defining theme of this report is the fundamental impact that technology has in shaping, enabling and disrupting organisations’ operations and strategies,” Farid Aractingi, ECIIA President said. “This is a pressure that requires internal auditors to learn new skills and adopt innovative tools to bolster their capabilities in an increasingly digital world.”

The report’s research team interviewed chief audit executives (CAEs) from major organisations in six European countries – France, Italy, the Netherlands, Spain, Switzerland and the UK.

Not surprisingly there were some regional differences. CAEs in the UK and Spain said that political uncertainty could expose their organisations to fresh threats and opportunities. In the UK, these views were largely prompted by the prospect of Brexit; in Spain they arose within multinational businesses having expanded into Mexico and the implications of the Trump administration’s hostile position towards the country.

Those in the financial services sector showed more concern over regulatory complexity than any other industry. Notably, for CAEs at institutions in France, Italy, the Netherlands and Spain the continuing development of the European Central Bank’s three-year old Single Supervisory Mechanism was cited as a risk.

For much more, read Risk in focus: hot topics for internal audit 2018

Theme author: Web developer Front End Developer Wordpress developer Web developer Front End Developer Wordpress developer Notariusz Szczecin