News

EU announces ‘fitness check’ for public reporting framework
March 2018

The ECIIA has welcomed the launch of a ‘fitness check’ consultation on the EU’s public reporting framework for companies.

The consultation will look at whether the framework is fit for purpose, is relevant for meeting the EU’s objectives and adds value at a European level. It will also consider specific aspects of the existing legislation as required by EU law and whether the framework is fit for the future and new challenges such as sustainability and digitalisation.

The Commission is seeking comments from the broadest possible base of stakeholders, in particular providers and users of financial and non-financial information, and the ECIIA says that internal auditors have a key part to play in highlighting any areas that are ripe for change.

“We very much welcome this wide-ranging review into modernising company reporting,” says Farid Aractingi, ECIIA president. “Internal auditors have had an increasing role to play in ensuring the accuracy of reported company data in recent years, and this unique oversight position gives them a crucial role in helping the EU ensure its framework does the job for which it’s intended.”

Europe’s company reporting regime has grown organically over the past 40 years to require broader and deeper levels of information, including recent initiatives to expand the level of non-financial reporting required from larger companies. These additional requirements cover relevant environmental and social information, as well as statements on board diversity.

The consultation asks respondents to rate how effective this diverse range of EU reporting requirements has been in supporting its objectives. Those include ensuring stakeholder protection, developing the internal market, promoting integrated EU capital markets, ensuring financial stability and promoting sustainability.

Looking to the future, it is also essential to consider whether the framework for public reporting is responsive enough to handle new ways of working. Respondents are asked to comment on the challenge of digitalisation and whether the framework takes into account the impact of technology in changing how companies prepare and disseminate corporate reports and the ways investors and the public access and analyse company information.

This fitness check is one of the actions announced in the action plan on financing sustainable growth that builds on the recommendations of the Commission’s High Level Expert Group (HLEG) on sustainable finance. Replies to the consultation will feed into a staff working document on the fitness of the EU framework for public reporting by companies, to be published in 2019.

Responses must be submitted via the online questionnaire. The consultation closes on July 21, 2018.

ECIIA publishes suite of best practice papers for European banks
March 2018

Internal audit can provide the boards and senior managers of European banks with distinctive and strategic assurance over their operations, according to a suite of position papers published by ECIIA. The papers cover a range of topics including internal audit’s role in good governance, audit planning, auditing a group of institutions, auditing outsourced operations, and follow-up monitoring on audit recommendations.

These five position papers are intended as best practice guides to internal auditors and their organisations in a range of areas. Taken together the recommendations in these documents should enhance the ability of internal auditors to give boards and senior managers independent and objective insights into the overall internal control systems and risk management at their institutions.

The papers have been produced by ECIIA’s banking committee, which was set up in 2014 with Chief Audit Executives of European Central Bank Supervised Banks. The documents address issues that require clarification due to recent changes in the way financial institutions are regulated. They are offered as best practice to be adopted or adapted by banks depending on their size, culture and local requirements.

As the third line of defence, internal audit is uniquely positioned to act as a trusted advisor to the board because of its clear understanding of the business’ organisation, mission, vision, strategy and long-term goals.

The papers

Internal audit’s role in good governance: Internal control is an important cornerstone for banks’ long-term sound governance. It should be tailored to the business model, risks and organisational structure. As the third line of defence, reporting to CEOs and the board, internal audit gives an overall assurance on internal control effectiveness including an independent review of risk and control functions as well as insights on efficiency.

Audit planning approach: To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The Chief Audit Executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organisation’s goals – an approach that can be difficult to combine with traditional, cyclical auditing methods. The paper outlines strategies to combine a traditional cyclical approach to internal auditing with a risk-based approach.

Internal audit within a group: the audit departments of banking groups need to deliver consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group.

Internal audit oversight of external outsourcing: the internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors, can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area.

Follow-up monitoring: an audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the internal audit function’s effectiveness.

Download:

Internal audit’s role in good governance

Audit planning approach

Internal audit within a group

Internal audit oversight of external outsourcing

Follow-up monitoring

Open access to data vital to role of internal audit
January 2018

Internal auditors must be able to freely access any information they need to perform their work effectively, the ECIIA has said in response to the European Commission’s (EC) consultation on the free flow of non-personal data.

“Internal auditors use non-personal data in the course of their audits and report critical findings and comments to senior management, the board and the audit committee,” the ECIIA’s response said. “In particular, such data is used to report on weaknesses in internal control processes, risk management and practices in the organisation.”

The ECIIA said it supported the EC’s proposal to guarantee the access to any data across Europe, which, it added, was especially crucial for internal auditors working in a group with offices in different countries across Europe.

“On the basis of the Global Standards for the profession, internal auditors are bound to follow the requirements of mandatory professional guidance, so, in effect, they have a common approach across Europe,” ECIIA President Farid Aractingi said. “Therefore, subject to the principle of subsidiarity, it would be desirable also to take a common approach to the access of data for the Internal Auditors in Europe.”

The EC’s proposals are set out in its document State of the Union 2017: A framework for the free flow of non-personal data in the EU.

They are meant to complement its existing rules for personal data. The new rules, which will enable the storage and processing of non-personal data across the Union, are intended to boost the competitiveness of European businesses and to modernise public services in an effective EU single market for data services.

Read the ECIIA’s letter of response to the consultation here.

Internal auditors must speak out on governance
December 2017

ECIIA President Farid Aractingi tells the newspaper Les Echos-Cecile Desjardin that auditors must speak out on governance. Here is a translated transcript.

What are the current challenges for the European Confederation of Institutes of Internal Auditing?

Working with others, internal auditors are important actors in a governance system that works towards creating sustainable performance. Governance is not an abstract principle dedicated only to ticking boxes in a regulatory framework. It requires a search for balance between the different actors of an organization. Those include the chairman, the CEO, and more generally between the board and the CEO. It also includes finding a balance between regulatory compliance and efficiency. This balance is guaranteed by the three main actors that build the governance system in an organisation: internal audit, risk management and internal controls. We serve the management but also inform them about any issues using our independent viewpoint.

At European level, it means that our profession must speak about corporate governance by, for example, participating in consultations on proposed European Directives, speaking during conferences, issuing discussion papers and guidance either produced solely by ECIIA or with our colleagues in other professional bodies – such as the Federation of European Risk Management Associations (FERMA).

Thanks to our oversight position over so many organisations’ operations, we can provide our unique perspective and recommendations to the European regulations on various issues, such as the management of personal data (GDPR), cybersecurity and audit reform.

How has internal audit evolved over the past few years?

Today, the profession is focused on five distinctive topics: independence, cross functionality, the discipline of execution, exercising pragmatic courage, and fulfilling our role as guardians of the temple of internal controls. Besides technical skills, soft skills are very important. Auditors must develop their capacity to manage contradictions. We must, at the same time: analyse and summarise; recommend control processes and innovate; understand deeply the business while retaining some “naiveté”; communicate verbally and on paper; and navigate between transparency and confidentiality.

All these changes have transformed internal auditors into a robust and well-equipped business partner, supported by both a panoramic 360° vision and a proven methodology, able to make a reliable, independent diagnosis about the issues of the organisation, and to be able to advise. To “win our seat at the table” means being heard by the board and the CEO. To achieve that we must always be more professional, a good communicator, flexible and reactive, with our global vision, searching for the best within all organisations.

Is the profession still attractive?

It depends from one country to the other. Today, more people want to become internal auditors in Athens or Istanbul than in Paris. Our ability to attract people into the profession is declining in Western Europe where internal audit departments have difficulties recruiting new people, although many young people are looking for a job. The profession requests discipline, rigour and a respect of methodologies. It requires flexibility, deadline management, as well as team work and stand-alone work. Maybe this is not in line with the expectations of new generations of workers.

Internal audit is very satisfactory intellectually, though. It is a training school in various domains where we can learn quickly as we change engagements every five to six weeks on average. The profession provides a good “social lift” for those passing through it, a period for developing discernment, and it is an extraordinary starting point to begin from in an organisation. After four years’ experience in internal audit, people can do anything and have a better idea of which area they want to work in.

ECIIA hosts the first European Forum for Internal Audit, Banking, Regulation and Supervision
December 2017

ECIIA launched the inaugural meeting of the European Forum for Internal Audit, Banking, Regulation and Supervision in Frankfurt am Main from November 20 to 21, 2017.

“Good governance requires an effective and independent risk management function, including strong compliance and internal audit operations,” said Pentti Hakkarainen, Executive Director of the European Banking Authority, in a keynote speech at the event. “Internal audit needs sufficient standing, they must be independent from the other functions, and they require direct access to the board.”

Hakkarainen added that internal audit ensures that internal processes and risk management are functioning effectively. But while compliance was important, internal audit should aim at improving their institutions’ governance and business conduct. “Effective internal audits ensure sound governance and reduce operational risks,” he said.

“Supervisors and Internal auditors must work together for mutual benefit,” Henrik Stein, Chairman of ECIIA’s Banking Committee, said in his keynote speech. “Internal auditors should remain independent – including from supervisors.”

Stein stressed the importance of independent, value-adding internal audit in order to achieve a safe and sound banking sector. Thierry Thouvenot, ECIIA Vice Chairman, said in his closing remarks at the conference that further positive co-operation and more open communication across the industry would create a level playing field for banks, more trust in the sector and higher international standards.

Representatives from EBA and ECB and 80 chief audit executives from SSM supervised banks attended.

Read the speech given by Pentti Hakkarainen at the ECIIA conference on the ECB’s website.

Slides presented at the event from the keynote speakers.
