The European Confederation of Institutes of Internal Auditing (ECIIA) welcomed the opportunity to respond to the European Central Bank’s (ECB) consultation on their draft guide on governance and risk culture. We acknowledge the vital role that risk culture plays in the effectiveness of internal audit functions (IAF). For further insights, refer to our publication on risk culture here.
Our response outlines several key recommendations aimed at enhancing the guide:
- Diverse Governance Systems: ECIIA emphasises the need to consider various governance systems and the interactions between the IAF, management body, and audit committee. A tailored approach will ensure a more effective implementation of risk culture.
- Integration of General Internal Audit Standards: The General Internal Audit Standards (GIAs) should be seamlessly integrated into the guidance as they are essential for professional practices and the quality assessment of the IAF.
- Emphasis on Risk-Based Approaches: We urge the ECB to highlight a risk-based approach throughout all audit processes, particularly in following up on supervisory findings.
- Audit Universe Cycle Considerations: The current recommendation of a five-year cycle for all audit components should be revisited to align with the risk-based nature of audit plans.
- Clarification of “Good Practices”: The term “good practices” requires clearer definitions to avoid potential misinterpretations in upcoming regulatory examinations.
See our feedback summary.
For the detailed response click here.