European Governance Magazine April 2012


Published on

This issue’s special report – Remixing regulation - focuses on the Basel Committee and internal audit’s central role within bank regulation.
The issue also welcomes new members to the ECIIA’s Corporate Governance Citizen Programme and invites you to join. Through Citizens comes progress.

Published in: Business
  • Be the first to comment

  • Be the first to like this

European Governance Magazine April 2012

  1. 1. T H E O F F I C I A L M A G A Z I N E O F T H E E C I I A April 2012 . Issue 22 Remixing Regulation Banking supervisors want internal audit to play a more central role within bank regulation Inside: Raising public sector control standards, helping directors to improve, corporate governance citizens and more
  2. 2. 2 NEWSGetting heard In organizing the conference we are inspired by the ambition and wayIn February 2012, the European to provide potential candidate The debate in the public of working of top level restaurants. Therefore you should only expectCommission (Budget DG) for countries with guidance for re- sector, be it at national level or at the best of this conference. We will meet the highest quality standardsthe first time published the engineering their public internal EU level, is about how to solve for our conference and galaparty and treat you as our guest.Compendium of the public control systems where necessary. the sovereign debt and Eurointernal control systems in the “We heartily agree with crises. The conference heard that The à la carte concept: choose yourselfEU Member States 2012. This the European Commission’s deficiencies in the functioning of During the conference we will serve you not only lectures, but we alsoprovided a structured overview of objectives to analyse PIC systems public internal control were one the have workshops and interactive sessions in which you can actually sharethe various public internal control as a valuable way of developing many causes of these problems. experiences with your international colleagues. By looking at how much(PIC) systems currently being benchmarking tools for identifying Managerial accountability Spanish peppers a session has, you can see how interactive a sessionapplied by the public sector in each control frameworks for the proper structures and internal control is. With the à la carte concept you can choose your own menu.of the 27 EU Member States. and efficient management of frameworks are key governance Make sure you have a table reservation! The paper presents the so- public resources,” said ECIIA factors determining the quality and The substantive program, the location in the city of Amsterdam, thecalled PIFC concept, which is a president Carolyn Dittmeier. effectiveness of the public sector good food: we are sure that all these things will truly connect peoplemodel for public internal control The topic was subject to much in managing national budgets, so in a pleasant way. So make sure you have a table reservation!aligned with international standards discussion at the conference on it is important to get them right.such as INTOSAI and IIA IPPF, Public Internal Control systems in See this website for Early Bird Discountand European good practice. It EU Member States that took place both the compendium and Note: You will receive an Early Bird Discount ofcan be used by the Commission in Brussels in February 2012. for conference slides. €200,- if you register before 1 May. For more information click here. Events Fourth Professional Internal Auditor Conference in Sofia, certifications of IIA Global, IT risks and controls and more. or to reserve a table click here. IIA Bosnia and Herzegovina is Bulgaria. The event, “The New ECIIA and IIA Azerbaijan is organising the 7th International Realities in Internal Audit”, takes hosting a conference, “Internal Conference of Internal Auditors for place at The Sheraton Hotel audit: realities and perspectives” Central and Southeastern Europe Balkan, Sofia between 26-27 in May 3-4, 2012 in Baku. between 10-12 May, 2012 in June, 2012. Presentations will To attend, click here. Sarajevo, Bosnia and Herzegovina. include: The imminent revision There are also events soon For the program, click here. of the Standards, updated in Slovenia and Norway. IIA Bulgaria is hosting its COSO framework, the new EUROPEAN CONFERENCE AMSTERDAM 2010 12 – 14 SEPTEMBEREuropean Governance Magazine . April 2012
  3. 3. 3 NEWS ECIIA CORPORATE Supporting best practice GOVERNANCE CITIZEN PROGRAMME Leading organisations in Europe are becoming increasingly aware that they need to pool their expertise if they are to meet the challenge of achieving sound corporate governance practice in a changing world. The ECIIA is delighted to have welcomed Generali Group to its Corporate Governance Citizenship Programme. The business joins Enel and Eni in helping the ECIIA promote best corporate governance practice across Europe. The Generali Group is one of the most significant players in the global insurance and financial products market. The Generali Group is market leader in Italy and Assicurazioni Generali, founded in 1831 in Trieste, is the Group’s parent and principal operating company. Characterised from the very outset by a strong international We believe in sound corporate outlook and now present in more than 60 Countries, Generali has consolidated its position among the world’s leading governance, doECIIA CorporAtE you? GovErnAnCE insurance operators, with significant market shares in CItIzEn proGrAmmE THE EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING western Europe – its main area of activity – and particularly Head Office: c/o iia Belgium – Koningsstraat 109-111, bus 5 - B-1000 Brussels (Belgium) If you are an organization operating in Europe, facing the constant challenge PHOne: +32 2 217 33 20 - fax: +32 2 217 33 20 - email: in Germany, France, Austria, Spain and Switzerland. It also of applying corporate governance in a dynamic world, and wish to assist ECIIA has a strong market position in Israel and Argentina. in the promotion of sound principles of corporate governance at a European level, the ECIIA Corporate Governance Citizen Programme is for you. The ECIIA supports research, input into the European Union’s governmental bodies, and knowledge-sharing with business and the public sector. Together we can achieve more. Through Citizens comes progress. To become a member, please see our website or contact us at corporate.governance@eciia.euEuropean Governance Magazine . April 2012
  4. 4. 4 NEWS eB ookPublic standardsThe Chartered Institute of Public She was assurance partner at services or agencies directly of pan-European IT systems,Finance and Accountancy (CIPFA) PWC until 2011, specialising in involved in the management and research platforms or evenand the Chartered Institute of government and the broader delivery of major infrastructural space programmes. They mayInternal Auditors (IIA) jointly public sector, including wide programmes in addition to its concern any policy: energylaunched the UK Internal Audit experience of internal audit. more usual role of reviewing supply, transport, customsStandards Advisory Board (IASAB) Meanwhile, Pascal Hallez, whether financial EU contributions controls, immigration, food safety,in March 2012. Internal audit who leads one of the European were spent according to sound nuclear security, pandemicstandard setters aim to develop Commission’s Internal Audit financial management principles management, carbon-quotaUK-wide Public Sector Internal Service units, says that the and in compliance with the rules. management and many others.Audit Standards (PSIAS). The function has widened its remit. The infrastructural You can read more aboutIASAB will provide oversight andchallenge for this process. The IAS is increasingly auditing programmes are likely to consist the IAS’s role, here. Don’t Get The new unified set of internalaudit standards will be based on Stung Last chance for early-bird conference discountthe mandatory elements of theIIA’s International Professional by the UKPractices Framework, and it is conference are available For those who miss theproposed that they will apply at a discount of €200 for early-bird discount, registration Bribery Actacross the UK to central and delegates who book before will cost €1,250 for members Leveraging audit analyticslocal government and the NHS May 1 – that’s a 16% saving and €1,450 non-members.(excluding foundation trusts). on the cost for members. There is a special group rate of for compliance testingOther sectors and jurisdictions The conference, hosted €950 per person for bookingswill be able to adopt PSIAS if by IIA Netherlands, takes of ten or more delegates – but » Download eBookthey choose, and health sector place in Amsterdam on please note that the early-birdregulator Monitor, the Government If you want to take advantage September 12-14. This year, discount does not apply.of the Republic of Ireland and of the early-bird discount the conference is designed For more information:the European Union have also offer on the ECIIA’s European to be highly interactive, so Click here for more: http://nominated Board observers. Conference 2012, you need delegates can get more Janet Eilbeck was appointed to act fast. Places at the involved in the proceedings. eciia-conference-2012independent chair of the IASAB. Governance Magazine . April 2012
  5. 5. 5 COVER FEATURERemixing regulationBanking supervisors want internal auditto play a more central role within bankregulation, as Arthur Piper reportsInternal auditors are set to playa more integral role in ensuring of the banking crisis in 2007 and afterwards, the profession has subsequently considered what rolesound corporate governance in it might be able to play in order tobanks if proposals set out in the prevent such future catastrophes.most recent guidance by the The document represents the firstBasel Committee on Banking comprehensive overhaul of thinkingSupervision are rubber-stamped. on internal audit by the CommitteeThe document, The internal since its 2001 paper, Internal auditaudit function in banks, sets out in banks and the supervisor’sprinciples aimed at enhancing relationship with auditors.internal audit’s effectiveness and So what’s new? The Committeecovers everything from the role has taken a stronger stance on theof the auditor to the function’s independence of the internal auditrelationship with the regulators. function in several of its principles. While internal audit was seldom For example, principle two states:directly implicated as the cause “The bank’s internal audit » European Governance Magazine . April 2012
  6. 6. 6 COVER FEATURE“The internal audit function is meant to provide global assurance to the board on the internal control and risk management systems pertaining to all governance objectives”» function must be independent Welcomeof the audited activities. This “A lot’s happened over the past tenrequires that the internal audit years both in the banking sectorfunction has an appropriate and in the professionalisation Increase your efficiency and boost your productivity TMstanding within the bank, enablinginternal auditors to carry out their of internal audit,” says ECIIA president Carolyn Dittmeier, with TeamMateassignments with objectivity.” who worked with Global IIA In addition, principle ten says on the profession’s official TeamMate is used by over 80 000 auditors around the world and is thethat the audit committee – or the response. “So, we welcome industry standard in Audit Management Systems. TeamMate providesbank’s equivalent – should be this document on supervisory a platform to deliver high quality audits, standardise the workpaperresponsible for overseeing the guidance and the effectiveness process, leverage auditor knowledge, enhance audit reporting and provideinternal audit function; and that it of internal audit in banks.” management with key information.should report to both the non- While broadly positive, the IIA’sexecutive and executive boards. response has called for clarification TeamMate was designed for use across all business sectors for all types Principles six and seven in some of the Committee’s of audits. Audit departments of all sizes are using TeamMate to increaseunderline the broad, potential principles. In particular, the the efficiency and productivity of their entire audit process, including: risk assessment, scheduling, time and expense tracking, planning, execution,scope of audit work, so that excessive attention to regulatory review, report generation, trend analysis, committee reporting and storage.internal auditors following the surveillance rather than globalproposed guidance would assurance could be construed ascover “every activity (including potentially restricting the overalloutsourced activities) and every responsibilities of the internal audit Add audit efficiency to your daily routine.entity of the bank,” including function, especially given that theits regulatory responsibilities. Compliance function has been » Call 020 7981 0566 or visit Copyright © 2012 Wolters Kluwer Financial Services, Inc. All Rights Reserved.European Governance Magazine . April 2012
  7. 7. 7 COVER FEATURE» reinforced just for this cause. In advice and counsel. In order consultation is addressing some annual risk-based internal audit clash with existing regulations.his letter to the Basel Committee, to maintain its independence, of the issues that constrained the plan that can be part of a multi- “The consultation paperRichard Chambers, Global IIA’s internal audit should act internal audit function in banks year plan.” He wrote to the shows that there is a need forchairman, said: “With regard to its as an advisor and not have before the credit crunch.” Committee: “The head of internal harmonisation in respect of theassurance role to the board, the responsibility for the committee’s Peters says that the UK and audit takes into account audit scope of activity of all banksinternal audit function is meant work. It should also perform Ireland Institute emphasised the risk factors as well as the bank’s since this scope is fundamentallyto provide global assurance to and report on fraud analysis benefits of a risk-based approach risk organisational objectives and different from the regulations thatthe board on the internal control and conduct special verification to internal auditing in its own risk management framework, apply in national regulations,”and risk management systems of potential irregularities. official response to the Basel including using risk appetite it said. “Certain sections ofpertaining to all governance Committee, rather than any regime levels set by management for the the proposed provisions inobjectives. This encompasses Tools that would enable the regulators to different activities or parts of the the consultation paper are inbusiness control objectives, “The internal audit profession has prescribe the scope and direction organisation. If the framework conflict with the legally foreseenfinancial reliability, regulatory developed a lot of tools to help of the function’s activities. He says does not exist, the head of internal powers of senior managementand legal compliance, etc.” banks achieve good governance,” this would allow internal auditors audit will consider perceived and the tasks of the board of Principle five recommends says Dittmeier, “which was why to focus on the risks they judged risks on the basis of consultation directors in subsidiaries.”that each bank has an internal we also recommended that the to be of greatest significance with senior management.” One of the potential areasaudit charter that “articulates the Committee enshrine the IIA’s Code of conflict that arises under thepurpose, standing and authority of Ethics and its International Committee’s proposed system isof the internal audit function Standards for the Professional “The internal audit profession has the role of internal audit and thewithin the bank”. Chambers wrote Practice of Internal Auditing regulators. How far is internal auditthat there should be guidance into its principles. That way, we developed a lot of tools to help banks to be an arm for the regulatoron the minimum requirementsfor an internal audit charter. know that everyone is singing off the same hymn sheet.” achieve good governance” and how far is it an independent function within the bank aimedHe suggested that internal “The proposals recognise at ensuring good governanceauditors should at least, provide that internal auditors must be at any one time. “We want to Banks’ response practice? The question drewinformation about evolving models given an enhanced status and ensure the balance is effective The banks have also given a intense debate from participantson governance, risk, control and standing within the banking so that it produces the outcome guarded welcome to the proposals, at the ECIIA’s conference incompliance (GRCC) to board sector and can play a greater that we all wish to see - better but want to ensure that they are Madrid in 2011 and is still causingmembers promote education part in avoiding another banking management of risks,” he says. workable in practice. For example, concern in the financial sector.of bank personnel on GRCC to crisis,” says Ian Peters, chief The IIA reinforced this concept the European Association of Public “The internal audit function’sensure awareness and importance, executive of the Chartered in the letter written by Chambers: Banks and Funding Agencies assurance and advisory roleand attend the bank’s governance Institute of Internal Auditors in “The head of internal audit is wrote to the Committee to say to management must not becommittee meetings to provide the UK and Ireland. “The Basel responsible for developing an that some of its principles may undermined by supervisory »European Governance Magazine . April 2012
  8. 8. 8 COVER FEATURE“The internal audit function’s assurance and advisory role to management must not be undermined by supervisory authorities’ requests for information”» authorities’ requests for and internal audit has beeninformation,” said the European significantly expanded. In particular,Association of Public Banks and more attention is paid to theFunding Agencies. “There is a way these groups communicate,need to clearly define reporting particularly when it comes toand responsibility lines for the sharing of information. Importantly, ©REUTERSinternal audit function.” the proposals recognise that The issue arises because the this is a two-way relationship RAPID DEPLOYMENT. IT INDEPENDENCE.consultative document explicitly and that supervisory authoritiesrecognises the role of the three should consider sharing relevant LEVERAGE THE POWER OF THE CLOUDlines of defence model and dealsin detail with the relationship of information with internal audit (Principle sixteen). This lack of FOR INTERNAL AUDITinternal audit, compliance and interaction was at the heart of Thomson Reuters Accelus on demand internal audit software enables you to improve and streamline your internal audit process in weeks — not months.risk management. Although the recent financial crisis. WHY SOFTWARE AS A SERVICE?the Committee’s 2001 paper Getting the wording in the final • RAPID DEPLOYMENT. Get started fast and always run on the latest version.recognised reliance on the work document will be critical because • ANYTIME, ANYWHERE. Access your data with a standard web browser.of other departments this was what is at stake is better governance • SELF-SUFFICIENT. Control your software upgrades, support and resources.only done in a limited way. in the banking sector and the • TRUSTED VENDOR. Proven track record with years of on demand deployments. In the current version, the chance to reduce the risk of another • POWERFUL REPORT GENERATION. Easily create, schedule and distribute reports.relationship between supervisors major banking crisis in future. Learn why Thomson Reuters Accelus has more clients in the cloud than any other audit management software vendor at To request more information or schedule a demo, email us at Governance Magazine . April 2012
  9. 9. 9 FEATUREHelping directorsto improveBoard directors across Europe are keen to knowmore about corporate governance and assurance,the head of Ecoda tells Neil BakerIf Europe is going to find a path back to steadyeconomic growth, it needs Not only was it unfair to tar all business leaders with the same brush, it was counter-productive, go elsewhere,” warned Sorrell. The new-found willingness of politicians to involve themselvesa confident and optimistic Sorrell argued. A “cowed and in complex business affairs – notcorporate sector. But there’s an hobbled” business sector would least corporate governance – isair of discontent inside many of not create economic growth, jobs something that concerns Patrickthe continent’s boardrooms. Sir or tax revenues. If politicians didn’t Zurstrassen, chairman of theMartin Sorrell, chief executive change their line of attack, “The European Confederation ofof global advertising giant WPP, alternatives will be to invest and Directors’ Associations (Ecoda), »caught the mood in a recentarticle for a British newspaper.People were rightly angry aboutbehaviour in the banking industry, “There is a need for directors tohe wrote, but politicians were understand governance better,engaging in “indiscriminatebusiness bashing” in the belief from a higher viewpoint, and they Head of Ecoda,it would win them votes. are eager for this knowledge” Patrick ZurstrassenEuropean Governance Magazine . April 2012
  10. 10. 10 FEATURE» a body that represents many director can hold, have all and a governance issue such asof Europe’s leading professional become issues where national the number of posts a director Three lines of defencebodies for board directors. parliaments, regulators and the can hold. Consequently, he does There has long been a European Commission have all not support legislation – such The three lines of defence model explains how thetendency in the media to criticise seen fit to become involved. as that introduced in France various people involved in an organisation’s riskcorporate leaders, Zurstrassen The problem, says Zurstrassen, and Belgium and considered management efforts should work together.notes. Typical charges are that is that corporate governance is a at a European level for financial The first line of defence is operational managers. Theythey put their own interests complex and nuanced area. “We firms – that puts a fixed limit are responsible for assessing, controlling and mitigatingahead of other stakeholders, pay are concerned about the risk of on the number of posts one risks. The second line of defence is the specialistthemselves stunning rewards an over-reaction on the regulatory director can hold. “That is an departments in the business – such as risk management andfor mediocre performance, and front and the politicisation of obvious over-reaction,” he says. compliance. Their role is to help managers follow good riskonly recruit board members some issues,” he says. “We The amount of time required management practices and to ensure they report the right to be an effective director will risk-related information up and down the organisation. vary from one company to The internal audit function is the third line of defence.“We are concerned about the risk of an another, Zurstrassen argues: Its role is to provide assurance to the organisation’s over-reaction on the regulatory front “Whether a person can make sufficient commitment to be governing body and senior management about how well the organization is assessing and managing risks, including and the politicisation of some issues” a director should be decided how well the other two lines of defence are operating. at the level of every board.” Regulators or professional bodieswho are just like them. Non- have to accept that we work in might want to issue guidance backgrounds are interested in the rules and expectations in theexecutive directors, too, have a society where some business on the topic, but it should be idea of taking a seat on a board. financial sector in particular arebeen attacked, usually for failing issues have a political nature for boards to decide what action “Due to the crisis, directorship becoming more detailed andto challenge senior executives. and need to be dealt with by the best suits their business. might not have the professional rules-based, he argues. This In the wake of the financial political system, but we prefer Zurstrassen’s wider concern is appeal it had in the past,” he trend isn’t entirely negative – ifcrisis, politicians across Europe, the exercise of freedom.” that the willingness of politicians says. “But, as a professional financial firms are working withinfrom all ideological hues, have Zurstrassen draws a distinction and regulators to dictate body, we have to fight and keep a governance model that is moreseen votes in this debate. between a social issue such as boardroom behaviour might deter attracting people to the role.” tailored to their needs, that is aCorporate governance issues gender equality – where he does experienced business people from There is already a trend good thing, Zurstrassen believes.such as executive pay, gender accept that political action may becoming board directors. He has for directors to specialise in “These businesses work in aequality in the boardroom, and be appropriate, although it is not already noticed that not enough increasingly narrow business different regulatory framework andthe number of posts a single something Ecoda advocates – people from audit and legal areas, he says. The governance have different social »European Governance Magazine . April 2012
  11. 11. 11 FEATURE it does make life more difficult members launches a training lines of defence” model of About Ecoda for board directors at companies that operate across borders, initiative aimed at directors, “the demand has always been risk management and internal control (see sidebar). This will The European Confederation of Directors’ Associations is a or that need to understand higher than the supply,” he says. be especially useful to audit not-for-profit association based in Brussels. It was founded in what good governance looks “There is a need for directors to committee members, which is December 2004 and represents ten national director associations, like in other parts of Europe. understand governance better, a priority, says Zurstrassen. including the British Institute of Directors, the Belgian Guberna Since 2010, Ecoda has run from a higher viewpoint, and they The European Commission’s and the French Institut Français des Administrateurs. Its mission professional training courses to are eager for this knowledge. forthcoming governance directive is to promote corporate governance at large, to promote the role help directors to deal with this We don’t know the limits, the is likely to say more about the of directors towards shareholders and corporate stakeholders, challenge. The aim is to help depths of demand. But we know technical knowledge expected and to promote the success of its national institutes. participants benchmark their that whenever we provide more of directors who sit on audit For more information: own board and governance supply, the demand is there.” committees. “Not all directors practices with those of similar Europe needs better trained have a background in auditing companies in other European and more informed directors, or finance, so we want to help» responsibilities, so governance pay and diversity – and these countries. The courses also Zurstrassen says, and Ecoda them with guidance on the roleneeds to be done differently.” would introduce a level of provide an expert briefing on the has an important role to play of the audit committee, what a But it does mean that new consistency across Europe, key policy issues and regulatory in that regard. It has already best practice committee looksdirectors need more time to when and if they are adopted changes in European corporate produced guidance for directors like, and how it should workget up to speed, and it can into national laws or codes of governance. “The programme of unlisted companies and for with both internal and externaldeter those from outside practice. But in the meantime, has been very successful,” audit committee members. audit,” he says. “Working withthe sector – who can bring increased national-level political says Zurstrassen. “We’ve had One of its next projects is the ECIIA will help us to givevaluable and diverse business and regulatory action is creating people coming from all countries, a joint initiative with the ECIIA. directors the practical insightsexperience – from becoming more of a patchwork approach learning from each other and The goal is to provide guidance they need to perform theirinvolved. However, the core to governance across Europe. sharing their experiences.” for directors on the “three role more effectively.”principles of what the board is This is not necessarily a Ecoda is looking at extendingfor, and what makes a director concern, says Zurstrassen. the programme next year.effective – providing oversight, The European Commission The success of thetransparency and a balance ofinterests – apply across industry long ago ruled out the idea of trying to create a pan-European programme reflects the fact that directors across Europe are taking “Due to the crisis, directorship mightsectors, Zurstrassen argues. corporate governance code. a more professional view of their not have the professional appeal it had The European Commissionhas several governance-related Differences in company law and business culture would make that role, and are eager for training opportunities, Zurstrassen says. in the past. We have to fight and keepinitiatives in the pipeline – on impossible, Zurstrassen says. But Whenever one of Ecoda’s national attracting people to the role”European Governance Magazine . April 2012
  12. 12. Our mission Director of the publication Carolyn Dittmeier Editor Arthur Piper» To be the consolidated voice for the profession of internal auditing in a widely defined Europe by promoting sound corporate governance Direct 0115 958 2024 with the European Union, its Parliament and Commission and Produced by any other European or global institutions of influence. Smith de Wint for the ECIIA» To promote corporate governance and the profession in Smith de Wint economically emerging countries, as appropriate, within the 95 Harlaxton Drive wider geographic area of Europe and the Mediterranean basin. Lenton, Nottingham NG7 1JD» To promote the mission of the Global IIA. Views and opinions presented inIIA Austria IIA Italy this newsletter are the writers andIIA Azerbaidjan IIA Latvia do not necessarily represent theIIA Belgium IIA Lithuania official positions of ECIIA.IIA Bosnia and IIA Luxembourg IIA Montenegro Bulgaria IIA Morocco Croatia IIA Netherlands www.iia.nlIIA Cyprus IIA Norway www.nirf.orgIIA Czech IIA Poland Denmark IIA Portugal www.ipai.ptIIA Estonia IIA Romania www.aair.roIIA Finland IIA Serbia France IIA Spain www.iai.esIIA Germany IIA Sweden www.internrevisorerna.seIIA Georgia IIA Switzerland www.svir.chIIA Greece IIA Tunisia Hungary IIA Turkey Iceland IIA UK & Ireland European Confederation of Institutes of Internal Auditing Koningsstraat 109-111 Bus 5 BE – 1000 Brussels, Belgium.