Our current views

  • A key part of our mission is to be the voice of internal auditing in Europe and to communicate our views to governments, legislators, policy-makers and regulators. Here you can find our opinions on current developments in corporate governance.

    Internal audit’s role in good governance NEW
    July 2018

    Internal control is an important cornerstone for banks’ long-term sound governance. It should be tailored to the business model, risks and organisational structure. As the third line of defence, reporting to CEOs and the board, internal audit gives an overall assurance on internal control effectiveness including an independent review of risk and control functions as well as insights on efficiency.

    Download:

    Internal audit’s role in good governance

    Internal audit within a group NEW
    July 2018

    The audit departments of banking groups need to deliver consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group.

    Download:

    Internal audit within a group

    Internal audit oversight of external outsourcing NEW
    July 2018

    The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors, can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area.

    Download:

    Internal audit oversight of external outsourcing

    Follow-up monitoring NEW
    July 2018

    An audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the internal audit function’s effectiveness.

    Download:

    Follow-up monitoring

    Audit planning approach NEW
    July 2018

    To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The Chief Audit Executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organisation’s goals – an approach that can be difficult to combine with traditional, cyclical auditing methods. The paper outlines strategies to combine a traditional cyclical approach to internal auditing with a risk-based approach.

     

    Download:

    Audit planning approach

  • Publications

  • ECIIA Activity Report 2015, September 2015

    Audit and risk committees: news from EU legislation and best practices, October 2014

    ECIIA Activity Report 2014, September 2014

    ECIIA and EUROSAI: Coordination and cooperation between supreme audit institutions and internal auditors in the public sector, May 2014

    Improving cooperation between internal and external audit, November 2013

    ECIIA activity report 2013, October 2013

    The future of European governance: key views from key people, October 2013

    Guidance on the role of internal audit under Solvency II, June 2013

    ECIIA and ECODA: Making the most of the internal audit function: Recommendations for directors and board committees, December 2012

    Corporate governance codes on internal audit, June 2012

    Corporate governance insight: Reinforcing audit committee oversight over global assurance and internal audit, May 2012

    ECIIA and FERMA: Guidance on EU 8th company law directive, art 41, part 1, December 2011

    ECIIA and FERMA: Guidance on EU 8th company law directive, art 41, part 2, December 2011

    Insight and Oversight: Guidance for audit committees on governance oversight, October 2011

  • Responses to consultation

    Internal audit’s central role in the future of corporate reporting NEW
    July 2016

    Internal audit has a central role to play in the future of corporate reporting as an adviser on, and a builder and consolidator of the reporting process itself, according to the ECIIA’s response to a consultation on the issue by the Federation of European Accountants (FEE).

    “Internal audit adds value to corporate reporting by providing an informed and independent review on processes, risks and controls,” ECIIA President Henrik Stein said in the confederation’s formal response to FEE.

    In the future, developing integrated thinking would be critical if organisations were to be able to present a coherent and comprehensive picture of their long-term strategy and performance, he said. This would require the creation of cross-functional teams, which would include all key areas within the organisation.

    He said organisations needed to adopt clear and unambiguous assurance models to report effectively.

    “It is necessary for internal and external assurance providers to form a common view on issues of relevance, materiality, accuracy and completeness,” he said. “Combined assurance is needed to achieve an informed view on whether reports are fair and balanced and also to improve efficiency.”

    FEE has been consulting on how to evolve corporate reporting in a way that will keep pace with the developing economic reality and address the needs of a wider stakeholder audience.

    To read ECIIA’s response, click here.

    To visit FEE’s page on corporate reporting, click here.

    More communication needed between internal audit and regulators
    May 2016

    Regulators should require regular, structured and ongoing dialogue between the competent authorities supervising insurers and the internal auditors working in them, the ECIIA has said in response to recent consultation by EIOPA (European Insurance and Occupational Pensions Authority).

    That is because internal audit is well-placed to provide an independent opinion about the internal controls, risk management and governance of the companies concerned. Almost 8 out of 10 auditors in Europe say they follow the three Lines of Defense Model at some level, which enables them to provide objective assurance to their organisations.

    “While internal audit’s main line of accountability is to the Audit Committee, it also shares information with the statutory auditors and the regulators,” ECIIA President Henrik Stein said. “Clear and effective communication between all these parties is vital in order to avoid duplication, or gaps, in the overall assurance picture,” he added.

    Stein said he would welcome the opportunity to meet with senior EIOPA officials to discuss in more detail the role of internal audit in this area.

    Read the ECIIA’s response here.

    Governance gap in Europe’s cyber laws
    March 2016

    Europe’s current legislation on cybersecurity does not include robust corporate governance processes to help businesses manage cyber risks across their operations, ECIIA says.

    ECIIA calls on the European Commission (EC) to develop legislation and guidance frameworks to promote integrated, cross-departmental approaches to manage cyber risks, in its response to the body’s recent consultation exercise. It says a wide range of partners within organisations need to co-ordinate their efforts in this area including compliance, finance, human resources, internal audit, IT and legal functions.

    “There is a real gap in this area that needs to be plugged,” Henrik Stein, ECIIA President, says. “Without joined up thinking and action on cyber security, businesses are at greater risk than they should be.”

    He says that senior management should track and report on the business impact of cyber threats and all risk management activity. “For its part, internal audit evaluates the effectiveness of cyber threat risk management and reports to the audit committee and board on these issues,” he adds.

    ECIIA recognises that organisations that operate in multiple jurisdictions face additional problems because reporting requirements remain unharmonised. It says there is a case for developing global best practice and standards to help corporations monitor their global reporting on cyber security and risk effectively.

    The ECIIA’s response also comments on the most pressing current cybersecurity risks and those that it believes will become more prominent over the coming five years. Read the full response here.

     

    EBA clarifies internal audit’s position as third line of defence
    February 2016

    The European Banking Authority (EBA) has adopted important clarifications suggested by ECIIA over the role and position of internal audit in the governance structure of companies looking to adopt sound remuneration policies.

    In particular, EBA has said in the final draft of its Guidelines on sound remuneration policies that internal audit should form an independent third line of defence reporting directly to the board so that it can audit the activities of the other control functions.

    “We are pleased that EBA has taken our views on board and clarified this important issue,” Henrik Stein, ECIIA President, says. “Reinforcing our members’ role as the independent, third line of defence provides organisations with the confidence that they can rely on the work of internal audit when it comes to assessing the effectiveness of their remuneration policies.”

    EBA also clarified the involvement of control functions in assessing the risk profile of organisations and how the control functions should be remunerated, which also drew upon ECIIA’s.

    The EBA’s guidelines set out the governance process for implementing sound remuneration policies across the EU and clarify the process for identifying those categories of staff to whom the specific remuneration provisions of the Capital Requirements Directive (CRD IV) apply, including the so called bonus cap.

    See ECIIA’s recommendations in full.

     

    Internal auditors should be included in communication between auditors and supervisors
    January 2016

    Internal auditors should be included in the communication process over the scope of work to be undertaken by the statutory auditors and supervisors of credit institutions, the ECIIA has told the European Banking Authority.

    In a written response to the EBA’s consultation on how auditors and supervisors could exchange information better – EBA/CP/2015/17  – ECIIA says: “Communication between competent authorities and statutory auditors, as deemed prudent at any phase of the supervisory or audit processes, may be enhanced by the inclusion of the internal auditors of the credit institution.”

    Since both statutory auditors and supervisors may rely on the work of internal audit, speaking with the function would help provide greater confidence about the activities of internal audit and help to focus work on those areas that most need it.

    ECIIA also says better clarification is needed between the 2nd and 3rd lines of defence by the document.

    It also recommends that the quality of internal audit functions at credit institutions be assessed against how well they comply with the International Professional Practices Framework.

    To read the full response, click here.

     
