EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

Marie-Hélène Laimay, PRESIDENT
Thijs Smit, VICE PRESIDENT

Head Office: c/o IIA Belgium, Koningstraat 109-111, bus 5 - B-1000 Brussels (Belgium)
Phone: +32 2 217 33 20 Fax: +32 2 217 33 20 Email: office@eciia.eu

November 13, 2012

Mr Erkki Liikanen
Chairman of the High level Expert Group on reforming the structure of the EU banking sector

Dear Sir,

The ECIIA (the European Confederation of Institutes of Internal Auditing) would like to thank you for offering the opportunity to comment on your report "High-level Expert Group on reforming the structure of the EU banking sector".

To introduce the ECIIA, it is a confederation of national associations of internal auditing speaking for the Internal Audit profession in the wider geographic area of Europe and the Mediterranean basin and represents a membership of over 40,000 internal audit professionals. As such, the ECIIA is an Associated Organisation of the global Institute of Internal Auditing (the IIA), a professional organisation of more than 180,000 members in some 190 countries. Throughout the world, the Global IIA is recognised as the internal audit profession's leader in certification, education and research regarding internal auditing. The Global IIA also maintains the International Professional Practices Framework (IPPF) which includes the International Standards for the Professional Practice of Internal Auditing, the definition of internal auditing, a code of ethics, and guidance on the practice of internal auditing. (http://www.theiia.org/guidance/standards-and-guidance/interactive-ippf/.)

We understand that the goal of this report is to launch a debate about the need for structural reforms in the EU banking sector. As such, the ECIIA considers many of the issues discussed here (aggregate EU bank sector developments, diversity of bank business models, ...) to be outside the field of our core competence and we will refrain from formulating any suggestions/comments in this respect. However, regarding the report's comments and suggestions regarding risk management and corporate governance, we feel it crucial to emphasise the vital role of the internal audit function.

ECIIA believes that the crisis has raised the questions about the appropriateness of the culture at the top of some organisations. In future, the culture needs to recognise the importance of ensuring that risks are fully identified and quantified; that risk appetite is addressed in a meaningful way; that risks are managed and mitigated systematically; and finally that comprehensive independent assurance measures are both in place and effective.

Also it would seem that boards and audit committees did not adequately either understand or execute properly their role and responsibilities with regard to risk, and may not have been aware of the range and scope of risk. As a result, public trust in the banking sector was undermined by the high risk strategies run by many institutions, which ultimately caused their downfall.

While the majority if not all of the organisations affected by the crisis will have had internal audit in some form, these problems of culture and awareness may have inhibited internal audit from being able to ensure that the governance of financial institutions was effective and that holistic risk mitigation measures were in place and effective. Effective internal audit regimes would have given warning about the appropriateness of the risk profiles of the institutions which failed, although those warnings may not have been heeded given the expectations, common culture and herd instinct of the sector.

Overall therefore the ECIIA believes that a debate on reforming the structure of the banking sector should include in its discussions the role and the scope of effective internal audit regimes as a major contributor to increased financial stability - especially as the report deals with the role of the banks' risk management function and the need to improve corporate governance. Both must be underpinned by an independent and strong internal audit function, which should be supported by respective regulatory initiatives.

The Basel Committee on Banking Supervision recently made an important step, issuing its supervisory guidance "The internal audit function in banks". This guidance is built around 20 principles that seek to promote a strong internal audit function in banks. It forces banks and their boards to recognise that their internal audit function is a key component of a bank's sound governance framework, and to listen more carefully to its warning bells. It also encourages bank internal auditors to comply with the international professional standards of the IIA, which guarantee high professionalism and ethics.

We feel this report on reforming the structure of the EU banking sector would be considerably strengthened if it were to recognise the vital role that internal audit can play, taking account of our comments, and including appropriate appendices with regard to internal audit. We would be happy to advise on the latter point.

The ECIIA supports the Three Lines of Defence (3LoD) model as a benchmark for future regulatory guidance. This model has been increasingly applied to corporate governance, and particularly risk management, over recent years. The ECIIA finds that it is a useful tool to explain and demonstrate the different roles in governance and risk management, the interplay between them and how they fit together to provide stronger corporate governance. This model, which is rapidly gaining universal recognition, can be illustrated as follows:

o As a first line of defence, operational management has ownership, responsibility and accountability for assessing, controlling and mitigating risks.

o As a second line of defence, the risk management function facilitates and monitors the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk related information up and down the organisation, while compliance is responsible for implementing the necessary procedures to comply with legal and other directives.

o As a third line of defence, the internal auditing function will, through a risk based approach, provide assurance to the organisation's governing body and senior management, on how effectively the organization assesses and manages its risks, including the manner in which the first and second lines of defence operate. This assurance task covers all elements of an institution's risk management framework: i.e. from risk identification, risk assessment and response to communication of risk related information (throughout the institution and to senior management and the governing body).

o The diagram also shows external audit and regulators, but they are not considered as lines of defence to be relied on by the organisation, as they are external to the organisation and therefore are not, in principle, within the control of the board for the purposes of assurance.

As noted earlier, in 2012 the Basel Committee on Banking Supervision updated its guidance for supervisors for assessing the adequacy of the internal audit function in banks. This guidance - which refers to the ethical and professional standards of the IIA - should make it harder for the board to ignore advice given by their internal auditors or claim not to have been informed.

Any analysis of the history of the crises which has the aim of developing ideas for structural reforms to avoid future vulnerabilities needs to consider the tools banks AND supervisors have to assess and guide banks. The exceptional - and difficult - function of internal audit as independent assessor, advisor, defender and protector cannot be stressed enough.

To facilitate considerations regarding the role of internal audit in contributing to financial stability in the banking sector, we attach some concrete suggestions where and how to implement reforms. While small in number they will greatly enhance the impact of the report.

Once again, the ECIIA would like to thank you for offering us the opportunity to participate in this consultation on the need for restructuring in the banking sector. We are always interested and willing to take part in future consideration of issues relating to the management of risk and the role of internal audit.

Sincerely,

Th Smit, Vice President
MH Laimay, President

Appendix

Each entry below gives the page of the report, the report's text, and the suggested addendum.

Page: ii, 3rd
Text: The report also makes other recommendations, for example concerning the use of designated bail-in instruments, the capital requirements on real estate lending, consistency of internal models and sound corporate governance. The Group presents
Suggested addendum: The report also makes other recommendations, for example concerning the use of designated bail-in instruments, the capital requirements on real estate lending, consistency of internal models and sound corporate governance including the need for strengthening and more prominently featuring the role of internal audit as the third and last internal line of defence against risk. The Group presents

Page: iii, last
Text: Finally, the Group considers that it is necessary to augment existing corporate governance reforms by specific measures to 1) strengthen boards and management; 2) promote the risk management function; 3) rein in compensation for bank management and staff; 4) improve risk disclosure and 5) strengthening sanctioning powers.
Suggested addendum: Finally, the Group considers that it is necessary to augment existing corporate governance reforms by specific measures to 1) strengthen boards and management; 2) promote the risk management function; 3) promote and strengthen the internal audit function as the third line of defence; 4) rein in compensation for bank management and staff; 5) improve risk disclosure and 6) strengthening sanctioning powers.

Page: X, 4th
Text: The difficulties of governance and control have been exacerbated by the shift of bank activity towards more trading and market related activities. This has made banks more complex and opaque and, by extension, more difficult to manage. It has also made them more difficult for external parties to monitor, be they
Suggested addendum: The difficulties of governance and control have been exacerbated by the shift of bank activity towards more trading and market related activities. This has made banks more complex and opaque and, by extension, more difficult to manage. The merger of retail and investment banking made it more difficult to construct a single risk management structure that could be effectively overseen by internal audit. If these activities had been separate, the audit of these two very different risk profiles might have been more effectively carried out. It seems audit and audit committees - if the latter existed - did not adequately address or deliver their role and responsibilities in ensuring that the risks were being managed effectively, or were aware of the scope and range of risks. Internal audit was not well placed to ensure that the governance of the organization was effective. This aspect still needs more attention and backing by supervisory and legislative authorities. The shift of activities has also made them more difficult for external parties to monitor, be they

Page: X, 6th
Text: necessary further to: (i) strengthen boards and management; (ii) promote the risk management function; (iii) rein in compensation;
Suggested addendum: necessary further to: (i) strengthen boards and management; (ii) promote the risk management function; (iii) promote and strengthen the internal audit function as the third line of defence; (iv) rein in compensation;

Page: X+XI
Text: Governance and control mechanisms: Risk management: Incentive schemes:
Suggested addendum: Governance and control mechanisms: Risk management: Internal audit function: In order to improve the quality, standing, authority and independence of the internal audit functions of all banks adequate measures have to be taken to support adherence to the international professional standards and ethics by the International Institute of Internal Auditors and to strengthen the standing of the audit function within the organization. It must be globally realized and accepted that internal audit is a key component of a bank's sound governance framework, assuring management and board as the organisation's third and last line of defence on how the bank assesses and manages its risks, including the manner in which the first and second lines of defence (e.g. risk management and compliance) operate. It also must be stressed that management and boards should commit to carefully consider internal audit's concerns. Incentive schemes:

Page: 26
Text: Market induced restructuring, State aid restructuring; Ongoing regulatory reforms; Wider economic, societal and technological changes
Suggested addendum: Market induced restructuring, State aid restructuring; Ongoing regulatory reforms; Growing importance of the internal audit function - as the banks' third and last line of defence, assuring management and board of the adequacy and functioning of the internal control system, risk assessment and management, and a functioning compliance function, as well as advising management regarding strategic and structural risks. In this context further strengthening of the compliance function and the risk management function as parts of the second line of defence (after operational management and internal controls as first line) will contribute to improving controls and assuring compliance with external requirements. Wider economic, societal and technological changes

Page: 78, 4.2.5., 1st
Text: ..., bank crisis experienced over the last years provide ample evidence of corporate governance systems failing to ensure staff and management acted in the interest of the bank and of risks that were not managed and controlled properly. Two major reforms have been enacted to help excessive risk-taking
Suggested addendum: ..., bank crisis experienced over the last years provide ample evidence of corporate governance systems failing to ensure staff and management acted in the interest of the bank and of risks that were not managed and controlled properly. In light of the perceived weaknesses in internal audit's response before and during the crises and in order to strengthen the internal audit function in banks, in 2012 the Basel Committee on Banking Supervision issued a supervisory guidance clearly outlining the internal audit's tasks, competencies and independence. They state that "The bank's internal audit function must be independent of the audited activities, which requires the internal audit function to have sufficient standing and authority within the bank, thereby enabling internal auditors to carry out their assignments with objectivity." Two major reforms have been enacted to help excessive risk-taking

Page: 79, 4th
Text: Moreover, the scope for control will reach its limits if the size or complexity of a bank itself makes it impossible for the management and external investors to effectively control risks. However, improvements in corporate governance will not be effective in addressing collective underestimation of risks which are characteristic of systemic risks. As regards remuneration, limiting the
Suggested addendum: Moreover, the scope for control will reach its limits if the size or complexity of a bank itself makes it impossible for the management and external investors to effectively control risks. However, improvements in corporate governance will not be effective in addressing collective underestimation of risks which are characteristic of systemic risks. It can be expected that the 2012 Basel guidance will improve the support for internal audit's role in banks that did not already adopt such an approach. Internal audit must be free to challenge and empowered to look into all parts of an organisation's operation, not shying away from particular areas. In addition, management and board must be committed to carefully consider internal audit. However, the Basel paper is not legally binding. As regards remuneration, limiting the

Page: 90
Text: Increased complexity, size, and scope: Leverage and limited ability to absorb losses: Inadequate supervision and overreliance on bank management, boards and market discipline: Increased interconnectedness, systemic risk
Suggested addendum: Increased complexity, size, and scope: Leverage and limited ability to absorb losses: Inadequate supervision and overreliance on bank management, boards and market discipline: Inadequate recognition of the importance of the internal audit function in managing risk: The merger of retail and investment banking made it more difficult to construct a single risk management structure that could be effectively overseen by internal audit. If these activities had been separate, the audit of these two very different risk profiles might have been more effectively carried out. It seems audit and audit committees - if the latter existed - did not adequately address or deliver their role and responsibilities in ensuring that the risks were being managed effectively, or were aware of the scope and range of risks. This area still needs to be examined by supervisory and legislative authorities and the issues addressed. Increased interconnectedness, systemic risk

Page: 93 + 94
Text: Supervision: Lack of a sufficient systemic (macro-prudential) focus: Risk Management and corporate governance: Lack of focus on consumer protection
Suggested addendum: Supervision: Lack of a sufficient systemic (macro-prudential) focus: Risk Management and corporate governance: Internal audit function as the third line of defence: With no doubt the internal audit function could have helped mitigate the crisis as well. Maybe it even has. But undoubtedly it too needs further improvement. The Basel Committee made an important step to further strengthen the role of the internal audit function in banks, and the International Institute of Internal Auditors contributes in setting and regularly adapting its standards. However, if in turn the internal audit functions do not receive the necessary support from the audit committee / the senior management and board, their effectiveness in key areas can be fatally undermined. The audit committee/management must recognize the critical importance of maintaining the objectivity and independence of a well-resourced internal audit function and that, if they do not do so, it is very difficult for internal audit to play an effective role in providing assurance and in producing the information and input that is required. Lack of focus on consumer protection

Page: 100, 3rd + 4th
Text: The preparation and approval of recovery and resolution plans (RRPs) is likely to induce some structural changes within banking groups, reducing complexity and the risks of contagion, thus improving resolvability. However, despite these important initiatives and reforms, the Group has concluded that it is necessary to require legal separation
Suggested addendum: The preparation and approval of recovery and resolution plans (RRPs) is likely to induce some structural changes within banking groups, reducing complexity and the risks of contagion, thus improving resolvability. The same is valid for the Basel Commission's guidance regarding the internal audit function in banks. However, despite these important initiatives and reforms, the Group has concluded that it is necessary to require legal separation

Page: 106, 1st
Text: The difficulties of governance and control have been exacerbated by the shift of bank activity towards more trading and market-related activities. This has made banks more complex and opaque and, by extension, more difficult to manage. It has also made them more difficult for external parties to monitor, be they market participants or supervisors.
Suggested addendum: The difficulties of governance and control have been exacerbated by the shift of bank activity towards more trading and market-related activities. This has made banks more complex and opaque and, by extension, more difficult to manage. It has also made them more difficult for external parties to monitor and to audit, be they internal auditors, market participants or supervisors.

Page: 106, 3rd
Text: ..., it is necessary further to: (i) strengthen boards and management; (ii) promote the risk management function; (iii) rein in compensation; (iv) facilitate market monitoring
Suggested addendum: ..., it is necessary further to: (i) strengthen boards and management; (ii) promote the risk management function; (iii) promote and strengthen the internal audit function as the third line of defence; (iv) rein in compensation; (v) facilitate market monitoring

Page: 106
Text: Governance and control mechanisms: Risk Management: Incentive schemes: Risk disclosure:
Suggested addendum: Governance and control mechanisms: Risk Management: Internal audit function: In order to improve the quality, standing, authority and independence of the internal audit function as the third line of defence within all banks, legislators, supervisors and other groups on a national and EU basis should strongly support adherence to already existing international standards and guidance such as that given by the Institute of Internal Auditors or the Basel Committee, and should feature such more prominently in regulation and guidance (e.g. by considering accompanying tools like dismissal protection for key internal audit personnel). The independence and objectivity of internal audit should further be enhanced and preserved by ensuring that they are not undermined by the functional and administrative reporting arrangements. Given the specific terms of the OECD Corporate Governance Guidelines on where internal audit should sit in an organisation, the IIA International Standards stating that the head of internal audit should have direct and unrestricted access to senior management and the Board, and organisational independence where he/she reports functionally to the Board, and the Basel Commission's Principle that internal audit be independent of the audited activities, corporate governance codes and their supporting guidance should be brought into line. Incentive schemes: Risk disclosure: