We are glad to have hosted the sixth edition of the ECIIA Banking Forum, sponsored by Workiva! The theme this year is The role of internal auditors in sustainable banks in Europe. CAEs and Audit Committee members of European Banks were welcome to join us for this edition. This event has the support of ecoDa. The draft agenda is available below.
The free virtual event took place on the 23 of October 2023.
Key messages
The view of the business
“Sustainability is not a project; it is the core of the culture”
Internal auditors can help ensure that companies take the right pass in both transforming the bank and helping clients to transform their organization. by transitioning. Auditors should use their holistic view to provide advice for businesses sharing their knowledge, for instance on ESG reporting (collection of data, best practices, risks).
The European Central Bank’s perspective
The ECB closely monitors and challenges the banks’ frameworks and efforts in terms of sustainability to undermine the seriousness of the topics. While 80% of them have improved their basic practices, still many underestimate the magnitude of climate risks and depend on carbon emission structures. As the ECB wants to embrace a new sustainability paradigm, to respect its framework, banks will need tremendous effort. It is also a clear opportunity to finance the investment their client needs to transform their operations. It is the task of the management body to ensure that regulation finds their way into the bank’s ERM framework, and into internal policies and procedures. The third line – in addition to the first and second line – has an important role to play assisting the management body.
More generally, the ECB overserved/expressed that:
- IA basics roles and responsibilities and tasks are in place and fulfilled but some improvements need to be made, for example in monitoring the fulfillment of remedial actions;
- the reporting line should be towards the Audit Committee;
- the IA function must review the key risks while ensuring the right coverage of banks operations in terms of geography/branches.
The Audit Committees and their sustainability duties
Banks are expected to fulfil the disclosure requirement of the Corporate Sustainability Reporting Directive (CSRD) by 2024. To succeed in their sustainability journey a multitude of aspects need to be taken into consideration, like the formulation of a sustainability strategy, the definition of Key Performance Indicators, the embedding of sustainability risks in risk management and control processes, the availability and collection of data. Given the high expectations of capital market participants, Audit Committees play an integral part in challenging the governance and management attention. This complements the (limited) assurance given by external as well as internal auditors.
The role of external auditors
External auditors can support Audit Committees by providing reliable information and translating regulatory requirements. The assurance given by external auditors should include an assessment on governance, strategy, expertise, systems, controls and data. Audit firms should express their opinion quickly and in a clear and structured manner.
The role of internal auditors
For businesses, the most important is to define metrics easy to report and monitor. To do so, they need a trusted advisor to control systems: the internal auditor. Internal auditors are expected to target sustainability issues, risks/management but also day-to-day activities. This also includes social washing, reputational risk, human rights impact. They are supposed to
assess the culture of the organization while offering some clarity on the long-term expectations. Internal auditors have a dual role: assurance and advisory. Their voices must be heard holistically across the organization while remaining independent. Even if internal auditors convert risks and activities, they cannot be a decision maker. Internal auditors must be proactive – ensure ESG is embedded in the whole organization – and reactive – be ready for the new business model -and: internal audit must be efficient. Internal audit will always be judged on what was not spotted!