Blog

ECIIA-Blog-header

Catch up here on our latest, news, events and publications

ECIIA response to the European Commission consultation ‘Fitness check on the EU framework for public reporting by companies’
October 2018

ECIIA welcomes the Commission’s fitness check initiative on the EU framework for public reporting by companies.

We believe that the objective of this fitness check on corporate reporting should be to simplify and better tailor the information provided to the need of creditors, investors, and shareholders, instead of creating new layer(s) of requirements or increasing the disclosure requirements.

ECIIA General Assembly 2018
October 2018
The ECIIA General Assembly took place on October 6 in Madrid.
The Board of Directors has welcomed a new representative for Italy: Gianfranco Carolia,  Chief Audit Executive of Ferrovie dello Stato Italiane S.p.A., Member of the Audit Committee of FAO, Founding member of AITRA, Member of the Audit Committee of EBU  and Board and Executive Committee Member of IIA Italy.
Farid Aractingi, Chief Audit, Risk and Organisation Officer of Renault, Chairman of Audit Committees (Bank, Distribution) and previous Chairman of the Board of the IFACI, the French Institute of Internal Auditors has been renominated as ECIIA President.
Gabrielle Rudolf von Rohr, Director at the Cantonal Financial Control in Solothurn and President of IIA Switzerland has been renominated as Treasurer of ECIIA.
Verra Marmalidou, Deputy Director at National Bank of Greece Group Internal Audit and President of IIA Greece has been renominated for 2 years as ECIIA Board member.
Tomáš Pivoňka, Chief Audit Executive at CEZ and President of Czech IIA has been renominated for 2 years as Board member.
The ECIIA Annual Report and the advocacy plans for 2018/2019 have been presented at this occasion.
EBA’s draft regulations on outsourcing need tighter focus
September 2018

The European Banking Authority’s (EBA) draft Guidelines on outsourcing (EBA/CP/2018/11) should give more emphasis on the role of the first and second lines of defence in the oversight of outsourced activities, ECIIA has said in its written response to the consultation.

More specifically speaking, the response continued, management should be in charge of the operational side of the outsourcing arrangements, while risk management and other compliance functions should monitor whether the process is performed properly.

“The internal audit function plays the role of being a third line of defence in such arrangements,” ECIIA Banking Committee Chair Henrik Stein said. “Internal audit must focus on the assurance of the outsourcing framework in terms of the risks that may be being taken.”

“While we believe that EBA’s revision of its guidelines are timely and important, we strongly urge it to reflect best practice by specifically including reference to the three lines of defence governance structure in its new provisions.”

In addition, ECIIA urged EBA to lighten the principles for outsourcing arrangements between different entities within a group of companies because of the lower risk exposure this creates compared to external outsourcing. Similarly, “a distinction should be made for outsourcing services within the European area for those highly-regulated services – such as IT and financial modelling – and other services,” the response to the consultation said.

The ECIIA also said that the role of a risk-based approach to internal audit should be more clearly emphasised. While the document does acknowledge the that risk-based assessment should form part of the audit planning process, it also tries to lay down some requirements in the plan in respect of outsourcing arrangements.

“The inclusion of the outsourced arrangements – or otherwise – in the audit plan should be solely dependent on the results of the risk-based assessments carried by the audit function,” Stein said. “It’s hard to see how that would be helped by prescribing in advance what should be covered.”

EBA’s draft guidelines define which arrangements with third parties are considered as outsourcing and provide criteria for the identification of critical or important functions, which have a stronger impact on the financial institution’s risk profile or on its internal control framework. It says that where such critical or important functions are outsourced, stricter and stronger requirements should apply compared to other outsourcing arrangements.

Risk in Focus 2019: Hot topics for internal auditors
September 2018
We are happy to share the third edition of Risk in Focus defining hot topics for Internal Auditors.
This edition is the result of a collaborative effort between seven European institutes of internal auditors in France, Germany, Italy, the Netherlands, Spain, Sweden and the UK and Ireland. As previously,  Chief Audit Executives (CAEs) have been interviewed in all of these territories and across sectors as part of the qualitative research into priority risk areas that are expected to be addressed in audit plans for 2019 — and further into the future. To supplement the interview process, this year for the first time a survey was distributed that received 311 responses. The European institutes of internal auditors are immensely grateful to everybody who contributed to this report, both the 300- plus CAEs who responded the survey and especially the 42 executives who gave up their time to be interviewed.
The 10 priority risk areas internal audit should address in 2019 are:
  1. Cybersecurity: IT governance & third parties
  2. Data protection & strategies in a post-GDPR world
  3. Digitalisation, automation & AI: technology adoption risks
  4. Sustainability: the environment & social  ethics
  5. Anti-bribery & anti-corruption compliance
  6. Communications risk: protecting brand & reputation
  7. Workplace culture: discrimination & staff inequality
  8. The new era of trade: protectionism & sanctions
  9. Risk governance & controls: adapting to change
  10. Auditing the right risks: taking a genuine risk-based approach

Find out the detailed results of the study here.

Internal auditors playing greater role in insurance regulation
June 2018

Insurance regulators and supervisors across Europe are increasingly looking to internal auditors to help their organisations achieve the necessary compliance requirements, according to a recent meeting of ECIIA’s insurance committee in Stockholm, Sweden.

While trends in supervision and regulation differ across Europe, many authorities are looking for insurers to strengthen their risk-based approach to compliance. Businesses are also expected to be more forward-looking in their risk analyses.

In some European jurisdictions, supervisory bodies are relying more on internal audit reports than in others. That has led to some regions considering tougher sanctions against internal audit functions if they fail to produce audit reports that are robust and accurate, and it emphasizes the need to define the relation between internal auditors and the supervisory bodies.

The committee identified emerging trends in artificial intelligence, business continuity, data science, IT security, liquid assets, money laundering and outsourcing.

“Clearly, internal auditors in the insurance sector have an increasingly important role to play in helping their organisations satisfy regulatory and supervisory requirements,” ECIIA insurance committee Hervé Gloaguen says. “Our committee is working on a publication that outlines these shifting priorities to keep our members up to date with recent developments.”

The insurance committee is meeting again in October in Madrid – a complete list of the volunteers on the group can be found here.

 

Theme author: Web developer Front End Developer Wordpress developer Web developer Front End Developer Wordpress developer Notariusz Szczecin