RIAS 2015 Positioning of Internal Audit EIB Perspective 10 September 2015
IIA Core Principles for the Professional Practice of Internal Auditing => is appropriately positioned IIA Standards 1100,1110 & Practice Advisory 1110-1 => CAE to report to individual in the organisation with sufficient authority to promote independence and to ensure broad audit coverage Question: Do international organisations with a political governance background implement suboptimal or non-standard positioning of Internal Audit? Observation: Organisational commitment in EIB to best banking practice is driving a re-alignment and reconsideration of the positioning (ref. European Banking Authority Guidelines on Internal Governance). While independence & standing are acceptable to external QAR (vis-à-vis Standards and Practice Advisories) they are less acceptable to an Audit Committee with regulatory presence.
Non executive appointees Audit Committee President Vice Presidents Management Committee President Vice Presidents Directors General Inspectorate General Directors Head of Division Internal Audit Evaluation Complaints Mechanism Fraud / Investigation
Brief timeline and developments 2005 IA (with Investigations) joins EV as Inspectorate General 2012 Quality Assurance Review (by Big 4 company) The function has the organisational standing and reporting lines to enable effectiveness in fulfilling its remit. 2013 IA Charter (last updated) The Head of Internal Audit reports to the Inspector General. 2014 Oliver Wyman review of EIB s Control and Compliance Framework Benchmarked against regulatory requirements and Best Banking Practices. Ensure that the Internal Audit function (3rd Line of Defence) is set up completely independently outside the 2nd LoD, with equal organisational seniority reporting to Vice President and having direct access to President. Head of Internal Audit to have direct reporting line to the President and the Audit Committee. 2015 EIB management response to Oliver Wyman report In respect to the Three Lines of Defence principle embedded in current regulation, Internal Audit would be maintained as a separate function within the Inspectorate General with direct reporting line to the President, under the coordination of the Vice President in charge, and to the Audit Committee.
Observations from EIB The Head of Internal Audit has direct access to the highest levels of the organisation - to Vice President, the President and the Audit Committee. The Head of Internal Audit is routinely invited to participate in Steering Committees and working groups at highest functional levels - recognition of organisational standing. Internal Audit has recently audited a unit under the responsibility of the Inspector General. The Inspector General has no operational responsibilities and reporting through him does not conflict with other channels. The Inspector General, at the highest function level provides access/information at strategic level. The Oliver Wyman review and subsequent executive management response will trigger changes: Higher authority Stronger independent channels of access to President and Audit Committee
General observations / conclusions It is important to be aware of issues which can arise in situations of sub-optimal positioning / standing, e.g.: Scope restrictions Reporting restrictions or interference Restrictions on access to information Lack of visibility at key governing organs or operational units Lack of acceptance in reviewing strategic matters Implicit threat to contract / performance appraisal / reward In the absence of organisational standing, can good faith, culture and other factors ensure these issues do not occur? Personal observation: for responsible governing bodies, a key question may concern design and effectiveness - issues of design may be acceptable, issues of effectiveness will not be acceptable. Original question: do international organisations with a political governance background implement sub-optimal or non-standard positioning of Internal Audit? If so, can it be overcome?