ECIIA publishes suite of best practice papers for European banks
March 2018

Internal audit can provide the boards and senior managers of European banks with distinctive and strategic assurance over their operations, according to a suite of position papers published by ECIIA. The papers cover a range of topics including internal audit’s role in good governance, audit planning, auditing a group of institutions, auditing outsourced operations, and follow-up monitoring on audit recommendations.

These five position papers are intended as best practice guides to internal auditors and their organisations in a range of areas. Taken together, the recommendations in these documents should enhance the ability of internal auditors to give boards and senior managers independent and objective insights into the overall internal control systems and risk management at their institutions.

The papers have been produced by ECIIA’s banking committee, which was set up in 2014 with Chief Audit Executives of European Central Bank Supervised Banks. The documents address issues that require clarification due to recent changes in the way financial institutions are regulated. They are offered as best practice to be adopted or adapted by banks depending on their size, culture and local requirements.

As the third line of defence, internal audit is uniquely positioned to act as a trusted advisor to the board because of its clear understanding of the business’ organisation, mission, vision, strategy and long-term goals.

The papers

Internal audit’s role in good governance: Internal control is an important cornerstone for banks’ long-term sound governance. It should be tailored to the business model, risks and organisational structure. As the third line of defence, reporting to CEOs and the board, internal audit gives an overall assurance on internal control effectiveness including an independent review of risk and control functions as well as insights on efficiency.

Audit planning approach: To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The Chief Audit Executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organisation’s goals – an approach that can be difficult to combine with traditional, cyclical auditing methods. The paper outlines strategies to combine a traditional cyclical approach to internal auditing with a risk-based approach.

Internal audit within a group: the audit departments of banking groups need to deliver consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group.

Internal audit oversight of external outsourcing: the internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors, can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area.

Follow-up monitoring: an audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the internal audit function’s effectiveness.



ECIIA hosts the first European Forum for Internal Audit, Banking, Regulation and Supervision
December 2017

ECIIA launched the inaugural meeting of the European Forum for Internal Audit, Banking, Regulation and Supervision in Frankfurt am Main on November 20 and 21, 2017.

“Good governance requires an effective and independent risk management function, including strong compliance and internal audit operations,” said Pentti Hakkarainen, Executive Director of the European Banking Authority, in a keynote speech at the event. “Internal audit needs sufficient standing, they must be independent from the other functions, and they require direct access to the board.”

Hakkarainen added that internal audit ensures that internal processes and risk management are functioning effectively. But while compliance was important, internal audit should aim at improving their institutions’ governance and business conduct. “Effective internal audits ensure sound governance and reduce operational risks,” he said.

“Supervisors and internal auditors must work together for mutual benefit,” Henrik Stein, Chairman of ECIIA’s Banking Committee, said in his keynote speech. “Internal auditors should remain independent – including from supervisors.”

Stein stressed the importance of independent, value-adding internal audit in order to achieve a safe and sound banking sector. In his closing remarks at the conference, Thierry Thouvenot, ECIIA Vice Chairman, said that further positive co-operation and more open communication across the industry would create a level playing field for banks, more trust in the sector and higher international standards.

Representatives from the EBA and the ECB and 80 chief audit executives from SSM-supervised banks attended.

Read the speech given by Pentti Hakkarainen at the ECIIA conference on the ECB’s website.

Slides presented at the event from the keynote speakers.


Internal audit at centre of sound management, says Danièle Nouy
October 2015

“Internal control and internal audit are at the centre of sound management, especially for credit institutions in advanced financial systems,” Danièle Nouy, Chair of the Supervisory Board of the Single Supervisory Mechanism (SSM), told over 800 delegates at the ECIIA’s annual conference in Paris this September.

She said the SSM had focused its attention on the controls and the internal governance of credit institutions, and made them a key feature of its methodology from the beginning. That had given internal audit a vital role to play in ensuring the overall governance framework was effective – citing its position as the third line of defence.

“It goes without saying that the internal audit function has a vital and prominent role, being responsible for an independent review of the first two lines of defence,” she said, “and for proactively promoting best practices within the organisation by addressing the existing main weaknesses in the business areas to the management body and asking for prompt remedial actions.”

She said that the SSM assessed how effective and reliable internal audit functions were during the yearly Supervisory Review and Evaluation Process. It looked at how independent internal audit was from management, whether it had the right resources to do its job, and whether it had enough power to enforce any remediation actions.

She said that, in future, there would be enhanced dialogue between internal auditors and the supervisors.

“Now more than ever, a robust and capable internal audit function, with the skills to identify risk control deficiencies and with the independence and authority to pursue its role, is essential to also ensure the adequate discharge of management body responsibilities,” she said. “In this vein, internal auditors are, as well, a traditional ally of the prudential regulator.”

For the full speech, click here.

Bank remuneration monitoring must be clear
June 2015

The European Banking Authority’s (EBA) proposals on how the remuneration policies of banks are to be monitored need greater clarity if they are to be effective, according to the European Confederation of Institutes of Internal Auditing (ECIIA).

The EBA’s consultation document on the issue (EBA/CP/2015/03) is often unclear over which internal department is best placed to provide overall assurance to the board that its policies and procedures are sound. In particular, it confuses the independent, oversight remit of internal audit with the compliance roles of risk management and control functions.

“The task of the internal audit function is not to control but to work alongside others to audit the control functions, giving assurance to the board and the supervisory bodies that the policies are both well monitored and sound,” Thijs Smit, ECIIA President says.

Control functions monitor whether the bank’s remuneration policies are in place and followed. Internal audit informs the board whether such monitoring is occurring and effective, and whether policies benchmark against industry best practice.

“It is essential for the EBA’s document to reflect the fact that internal audit is the only function for the board, which is independent of management, that can oversee all of the other functions – including how well risk management and compliance are working,” Smit says.

He says that the most effective way for banks to be sure remuneration policies are working properly is for them to adopt the so-called Three Lines of Defence model of corporate governance. That provides internal audit with the independent remit it requires to perform this critical role.

Download the ECIIA response here.

ECIIA provides internal audit with “voice” for banking industry
February 2015

The newly-formed banking committee of the European Confederation of Institutes of Internal Auditing (ECIIA) aims to provide a unified voice for internal auditors to speak on the sweeping regulatory changes affecting the banking industry.

“As you know, European banking regulators are very active and many of their initiatives will impact our industry,” the chair of ECIIA’s newly formed banking committee Henrik Stein says. “This presents us with a challenge but at the same time gives us the chance to use our broad membership base to build a strong, truly representative and mandated ‘voice of internal audit’ for the European banking industry.”

The group aims to assess how banking regulations and initiatives from the European Banking Authority and the European Central Bank impact internal audit and corporate governance in banks. It will prepare discussion documents on key issues, respond to consultations and organize regular meetings and exchanges with the regulators.

The ECIIA banking committee held its inaugural meeting on 29 January 2015 in Frankfurt am Main. Chaired by ECIIA board member Henrik Stein, the committee comprises seven members representing banks large and small across the European Union: John Bendermacher (Netherlands), Ernesto Martinez Gomez (Spain), Ranieri de Marchis (Italy), Michel Le Masson (France), Nicola Rimmer (United Kingdom), Eva-Lotta Rosenqvist (Sweden) and Thierry Thouvenot (Luxembourg).

