EC to update non-financial reporting directive
The European Commission (EC) is planning to update its non-binding guidance on how to implement the Non-Financial Reporting Directive and set out proposals for consultation in June 2020. The directive, which affects about 6000 companies in Europe, sets out how organisations can effectively communicate the environmental, social and ethical impacts of their behaviour to stakeholders.
Delegates heard how businesses in different countries had sought to implement the directive. In Germany, for example, companies had used a broad variety of formats to report non-financial data. In addition, 81% of companies had their statements audited with limited assurance, with only half publishing an audit certificate in this area, according to a recent study. A separate study examining 80 companies based in France, Germany and the UK, suggested that while almost all reported on their non-financial reporting policies, there was a lack of connection between the policies and outcomes, key performance indicators and risk .
Finally, the EC presented the results of its own initial consultation on how the directive is being implemented. “Some factors are affecting the effectiveness of the directive include the flexibility of the framework, the materiality definition and the assurance process of the information,” according to Tom Dodd, the B3 policy case officer for corporate transparency.
“While the implementation of the directive is still in its early phases across Europe, it is already clear that companies are struggling with the providing assurance that the data that goes into their non-financial reports is robust and reliable,” Farid Aractingi, ECIIA President, says. “That is clearly an area that internal auditors can help with because of their unique oversight role in their organisations.”
ECIIA has already advocated to DG FISMA that businesses adopt the three lines of defence model of corporate governance. Under the model, the first and second lines of defence are responsible for internal controls and risk management, while internal audit provides independent assurance that those systems are well-designed and functioning properly. “The model puts internal auditors in an ideal position to assist companies in ensuring accuracy in non-financial reporting,” Aractingi says.
Internal auditors playing greater role in insurance regulation
Insurance regulators and supervisors across Europe are increasingly looking to internal auditors to help their organisations achieve the necessary compliance requirements, according to a recent meeting of ECIIA’s insurance committee in Stockholm, Sweden.
While trends in supervision and regulation differ across Europe, many authorities are looking for insurers to strengthen their risk-based approach to compliance. Businesses are also expected to be more forward-looking in their risk analyses.
In some European jurisdictions, supervisory bodies are relying more on internal audit reports than in others. That has led to some regions considering tougher sanctions against internal audit functions if they fail to produce audit reports that are robust and accurate, and it emphasizes the need to define the relation between internal auditors and the supervisory bodies.
The committee identified emerging trends in artificial intelligence, business continuity, data science, IT security, liquid assets, money laundering and outsourcing.
“Clearly, internal auditors in the insurance sector have an increasingly important role to play in helping their organisations satisfy regulatory and supervisory requirements,” ECIIA insurance committee Hervé Gloaguen says. “Our committee is working on a publication that outlines these shifting priorities to keep our members up to date with recent developments.”
Since statutory auditors in Europe – with the exception of those in Italy and the UK – do not check the content of non-financial reporting, directors may be unaware that they are revealing competitive information. Since an estimated 80% of companies’ value is now intangible, such disclosure could have serious consequences.
“Getting the balance right on disclosure should boost competitive advantage rather than erode it,” Farid Aractingi, ECIIA President says. “There is clearly a potential gap in companies’ control systems that internal auditors are ideally placed to fill.”
Internal auditors have a unique oversight position as the third line of defence in organisations. That means they are ideally placed to help co-ordinate and provide assurance on the quality and relevance of information in non-financial reports.
The pressure on increased non-financial disclosure has been seen as part of a societal shift as stakeholders expect organisations to adopt more ethical and responsible strategies. Corporate governance has been responding to these shifts in expectations by expanding its remit to look at the environment, social justice issues and culture.
Boards need to be courageous if they are to rise to the challenge that these pressures.
ECIIA hosts the first European Forum for Internal Audit, Banking, Regulation and Supervision
ECIIA launched the inaugural meeting of the European Forum for Internal Audit, Banking, Regulation and Supervision in Frankfurt am Main between November 20 to 21, 2017.
“Good governance requires an effective and independent risk management function, including strong compliance and internal audit operations,” said Pentti Hakkarainen, Executive Director of the European Banking Authority, in a keynote speech at the event. “Internal audit needs sufficient standing, they must be independent from the other functions, and they require direct access to the board.”
Hakkarainen added that internal audit ensures that internal processes and risk management are functioning effectively. But while compliance was important, internal audit should aim at improving their institutions’ governance and business conduct. “Effective internal audits ensure sound governance and reduce operational risks,” he said.
“Supervisors and Internal auditors must work together for mutual benefit,” Henrik Stein, Chairman of ECIIA’s Banking Committee, said in his keynote speech. “Internal auditors should remain independent – including from supervisors.”
Stein stress the importance of independent, value-adding internal audit in order to achieve a safe and sound banking sector. Thierry Thouvenot, ECIIA Vice Chairman, said that further positive co-operation and more open communication across the industry creating a level playing field for banks, more trust in the sector and higher international standards in his closing remarks at the conference.
Representatives from EBA, ECB and 80 chief audit executives attended from SSM supervised banks.
ECIIA members attended a free cyber risk governance conference held in Brussels on 29 June hosted by MEP Antennas Guoga.
The event – organised jointly by ECIIA and FERMA – presented recommendations a new cyber risk governance model designed to include key internal stakeholders, the risk and audit committees. A working group representing risk managers and internal auditors from eight EU countries developed the model and other recommendations was presented at the event.
The proposed model will increase cyber-resilience, define the key stakeholders and the conditions for success.