Internal auditors playing greater role in insurance regulation
June 2018

Insurance regulators and supervisors across Europe are increasingly looking to internal auditors to help their organisations achieve the necessary compliance requirements, according to a recent meeting of ECIIA’s insurance committee in Stockholm, Sweden.

While trends in supervision and regulation differ across Europe, many authorities are looking for insurers to strengthen their risk-based approach to compliance. Businesses are also expected to be more forward-looking in their risk analyses.

In some European jurisdictions, supervisory bodies are relying more on internal audit reports than in others. That has led to some regions considering tougher sanctions against internal audit functions if they fail to produce audit reports that are robust and accurate, and it emphasizes the need to define the relation between internal auditors and the supervisory bodies.

The committee identified emerging trends in artificial intelligence, business continuity, data science, IT security, liquid assets, money laundering and outsourcing.

“Clearly, internal auditors in the insurance sector have an increasingly important role to play in helping their organisations satisfy regulatory and supervisory requirements,” ECIIA insurance committee Hervé Gloaguen says. “Our committee is working on a publication that outlines these shifting priorities to keep our members up to date with recent developments.”

The insurance committee is meeting again in October in Madrid – a complete list of the volunteers on the group can be found here.


ECIIA publishes suite of best practice papers for European banks
March 2018

Internal audit can provide the boards and senior managers of European banks with distinctive and strategic assurance over their operations, according to a suite of position papers published by ECIIA. The papers cover a range of topics including internal audit’s role in good governance, audit planning, auditing a group of institutions, auditing outsourced operations, and follow-up monitoring on audit recommendations.

These five position papers are intended as best practice guides to internal auditors and their organisations in a range of areas. Taken together the recommendations in these documents should enhance the ability of internal auditors to give boards and senior managers independent and objective insights into the overall internal control systems and risk management at their institutions.

The papers have been produced by ECIIA’s banking committee, which was set up in 2014 with Chief Audit Executives of European Central Bank Supervised Banks. The documents address issues that require clarification due to recent changes in the way financial institutions are regulated. They are offered as best practice to be adopted or adapted by banks depending on their size, culture and local requirements.

Because of its position as the third line of defence, internal audit is uniquely positioned to act as a trusted advisor to the board because of its clear understanding of the business’ organisation, mission, vision, strategy and long-term goals.

The papers

Internal audit’s role in good governance: Internal control is an important cornerstone for banks’ long-term sound governance. It should be tailored to the business model, risks and organisational structure. As the third line of defence, reporting to CEOs and the board, internal audit gives an overall assurance on internal control effectiveness including an independent review of risk and control functions as well as insights on efficiency.

Audit planning approach: To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The Chief Audit Executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organisation’s goals – an approach that can be difficult to combine with traditional, cyclical auditing methods. The paper outlines strategies to combine a traditional cyclical approach to internal auditing with a risk-based approach.

Internal audit within a group: the audit departments of banking groups need to deliver consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group.

Internal audit oversight of external outsourcing: internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors can place reliance
on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area.

Follow-up monitoring: an audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the internal audit function’s effectiveness.


Internal audit’s role in good governance

Audit planning approach

Internal audit within a group

Internal audit oversight of external outsourcing

Follow-up monitoring

ECIIA hosts the first European Forum for Internal Audit, Banking, Regulation and Supervision NEW
December 2017

ECIIA launched the inaugural meeting of the European Forum for Internal Audit, Banking, Regulation and Supervision in Frankfurt am Main between November 20 to 21, 2017.

“Good governance requires an effective and independent risk management function, including strong compliance and internal audit operations,” said Pentti Hakkarainen, Executive Director of the European Banking Authority, in a keynote speech at the event. “Internal audit needs sufficient standing, they must be independent from the other functions, and they require direct access to the board.”

Hakkarainen added that internal audit ensures that internal processes and risk management are functioning effectively. But while compliance was important, internal audit should aim at improving their institutions’ governance and business conduct. “Effective internal audits ensure sound governance and reduce operational risks,” he said.

“Supervisors and Internal auditors must work together for mutual benefit,” Henrik Stein, Chairman of ECIIA’s Banking Committee, said in his keynote speech. “Internal auditors should remain independent – including from supervisors.”

Stein stress the importance of independent, value-adding internal audit in order to achieve a safe and sound banking sector. Thierry Thouvenot, ECIIA Vice Chairman, said that further positive co-operation and more open communication across the industry creating a level playing field for banks, more trust in the sector and higher international standards in his closing remarks at the conference.

Representatives from EBA, ECB and 80 chief audit executives attended from SSM supervised banks.

Read the speech given by Pentti Hakkarainen at the ECIIA conference on the ECB’s website.

Slides presented at the event from the keynote speakers.

ECIIA forum

Audit committees must balance independence with competence
July 2016

Audit committees must balance their ability to be independent with the right level of competence if they are to effectively challenge management, according to attendees at a recent event organised by European Confederation of Directors Associations (Ecoda) and Pwc.

“Too much independence for audit committee members could come at the price of less competency,” UK non-executive director Philip Johnson, told delegates in Brussels in June. He said finding independent members can prove to be difficult as a result of over-regulation and, therefore, said their effectiveness should be prioritised over independence.

Inge Boets, a member of several audit committees in Belgium, said that while it was preferable to have a majority of independent members on the audit committee, having a committee that had complementary and diverse experience was also key.

Tjalling Tiemstra, Chairman of the Audit Committee at ABN Amro Bank and various other non-executive positions in the Netherlands, said that it was important that audit committee members were on a similar level of competency as the chief financial officer.

“I feel there is a lack of recognition of the importance of competency, as the audit committee requires ability and character to challenge management,” Tiemstra added.

The event focused on the corporate governance implications of the recent EU Audit Directive and Regulation, which was adopted by the European Union in 2014. The rules, which came into force this year, give additional oversight responsibilities to audit committees.

Alain Deckers, Head of Unit, Audit and Credit Rating Agencies, DG for Financial Stability, Financial Services, and Capital Markets Union (FISMA) from the European Commission, told delegates that twenty countries would have had completed their preparations for the new legislation by the end of the summer. He said that better engagement with the European Commission and audit committees would help bed in the new rules.

“There appears to be an unequal experience when it comes to engaging with audit committees,” he said. “Better engagement can allow us to understand how processes are handled.”

Click here for an EC fact sheet on the new rules.

Click here for a summary of the event.

Jury still out on EU regulatory reforms
June 2016

The combined effectiveness of the various regulatory reforms made in the financial sector following the crisis of 2007-8 are unknown, according to respondents to the EU’s recent review of the issue.

Some attendees at a meeting in May, following the EU’s Call for Evidence on EU regulatory framework for financial services, said that the review was premature because many of the reforms had not had time to take effect.

“The reforms need time to bed in before there is further legislation in this area,” ECIIA President Henrik Stein says. “Internal auditors working in the sector are still helping their organisations put in place and test the appropriate controls and it will take time to see where further action may be required.”

Commissioner Jonathan Hill told the public hearing that the Commission was committed to legislating less and legislating better. He said he wants the Commission “to be more proportionate in the way legislation’s applied, more cautious before doing anything that might reduce liquidity, and more ambitious about reducing reporting and disclosure requirements where it’s appropriate”.

Many respondents urged the Commission to refrain from embarking on a process of deregulation until the full effect of the reforms was known.

For the summary of contributions to the call for evidence click here.

For the conference web stream, click here.

Theme author: Web developer Front End Developer Wordpress developer Web developer Front End Developer Wordpress developer Notariusz Szczecin