Internal auditors playing greater role in insurance regulation
Insurance regulators and supervisors across Europe are increasingly looking to internal auditors to help their organisations achieve the necessary compliance requirements, according to a recent meeting of ECIIA’s insurance committee in Stockholm, Sweden.
While trends in supervision and regulation differ across Europe, many authorities are looking for insurers to strengthen their risk-based approach to compliance. Businesses are also expected to be more forward-looking in their risk analyses.
In some European jurisdictions, supervisory bodies are relying more on internal audit reports than in others. That has led to some regions considering tougher sanctions against internal audit functions if they fail to produce audit reports that are robust and accurate, and it emphasizes the need to define the relation between internal auditors and the supervisory bodies.
The committee identified emerging trends in artificial intelligence, business continuity, data science, IT security, liquid assets, money laundering and outsourcing.
“Clearly, internal auditors in the insurance sector have an increasingly important role to play in helping their organisations satisfy regulatory and supervisory requirements,” ECIIA insurance committee Hervé Gloaguen says. “Our committee is working on a publication that outlines these shifting priorities to keep our members up to date with recent developments.”
Since statutory auditors in Europe – with the exception of those in Italy and the UK – do not check the content of non-financial reporting, directors may be unaware that they are revealing competitive information. Since an estimated 80% of companies’ value is now intangible, such disclosure could have serious consequences.
“Getting the balance right on disclosure should boost competitive advantage rather than erode it,” Farid Aractingi, ECIIA President says. “There is clearly a potential gap in companies’ control systems that internal auditors are ideally placed to fill.”
Internal auditors have a unique oversight position as the third line of defence in organisations. That means they are ideally placed to help co-ordinate and provide assurance on the quality and relevance of information in non-financial reports.
The pressure on increased non-financial disclosure has been seen as part of a societal shift as stakeholders expect organisations to adopt more ethical and responsible strategies. Corporate governance has been responding to these shifts in expectations by expanding its remit to look at the environment, social justice issues and culture.
Boards need to be courageous if they are to rise to the challenge that these pressures.
ECIIA hosts the first European Forum for Internal Audit, Banking, Regulation and Supervision
ECIIA launched the inaugural meeting of the European Forum for Internal Audit, Banking, Regulation and Supervision in Frankfurt am Main between November 20 to 21, 2017.
“Good governance requires an effective and independent risk management function, including strong compliance and internal audit operations,” said Pentti Hakkarainen, Executive Director of the European Banking Authority, in a keynote speech at the event. “Internal audit needs sufficient standing, they must be independent from the other functions, and they require direct access to the board.”
Hakkarainen added that internal audit ensures that internal processes and risk management are functioning effectively. But while compliance was important, internal audit should aim at improving their institutions’ governance and business conduct. “Effective internal audits ensure sound governance and reduce operational risks,” he said.
“Supervisors and Internal auditors must work together for mutual benefit,” Henrik Stein, Chairman of ECIIA’s Banking Committee, said in his keynote speech. “Internal auditors should remain independent – including from supervisors.”
Stein stress the importance of independent, value-adding internal audit in order to achieve a safe and sound banking sector. Thierry Thouvenot, ECIIA Vice Chairman, said that further positive co-operation and more open communication across the industry creating a level playing field for banks, more trust in the sector and higher international standards in his closing remarks at the conference.
Representatives from EBA, ECB and 80 chief audit executives attended from SSM supervised banks.
ECIIA members attended a free cyber risk governance conference held in Brussels on 29 June hosted by MEP Antennas Guoga.
The event – organised jointly by ECIIA and FERMA – presented recommendations a new cyber risk governance model designed to include key internal stakeholders, the risk and audit committees. A working group representing risk managers and internal auditors from eight EU countries developed the model and other recommendations was presented at the event.
The proposed model will increase cyber-resilience, define the key stakeholders and the conditions for success.
Internal auditors and representatives from supreme audit institutions shared best practices at a recent seminar in Brussels, organised jointly by ECIIA and EUROSAI.
For example, the Austrian Court of Audit said that it was creating knowledge communities with its internal audit partners to develop better processes for transferring operational knowledge to help increase the effectiveness of audits.
SAI Netherlands explained that building a robust working relationship with internal audit had led to it having unrestricted access to the electronic working files of the internal audit function. It also said it now discussed the performed auditors’ work in regular meetings with top management from the internal audit team.
“These collaborations are great examples of best practice,” ECIIA President Henrik Stein says. “ECIIA and EUROSAI will be jointly promoting such initiatives over the coming years.”
The professional bodies are planning to extend their partnership in a range of areas. Possible themes for future cooperation identified at the meeting included reducing costs in the public sector, reducing certain risks relating to cybersecurity, for example, and improving good governance in the public sector.