1. Workshop on Risk and Audit
LIVING AND WORKING IN A RISKIER WORLD
PROFESSION – INNOVATION – DIVERSITY
2. BRUSSELS, 20-21 October
www.ferma.eu
FORUM 2015
Venice, Italy 4-7 October
Workshop on Risk and Audit
Introduction
Gaëtan Lefèvre
President BELRIM, facilitator
Risk Manager’s view
Torgny Bogärde
Senior Partner, Allevo AB
Internal Auditor’s view
Melvyn Neate
Experienced Internal Audit Director, ECIIA
ECIIA Internal Audit Non Financial Reporting
Silvio de Girolamo
Chief Internal Audit and CSR Officer, Autogrill Group
How to challenge the current situation?
Jonathan Blackhurst
Head of Risk Management, Capita Plc
The Risk Manager’s view
Background
New (financial and corporate) crisis
New Directives and regulations
New Charters and Codes
More complex risks.
Speed of impact
New demands on better Governance (including Controls),
Reporting and more Transparency.
Role and context of Risk Management
Role:
It is a support function in itself
It delivers reports and advice to its Principal, which is Board or
Top management and Risk Committee
It co-operates and co-ordinates with other support functions
(Internal Audit, Compliance, Strategy, etc.)
It provides service, support and advice to operational
management
Context:
Part of the Three Lines of Defence model or, more specifically, the second
line of defence.
Relationship between Internal Audit and
Risk Management – a Risk Manager’s view
Yesterday and today: Illiteracy and
scepticism, sometimes competition and even
hostility. Perceived lack of harmonisation
between these functions at board level
Tomorrow: Shared vision and goals,
information sharing – partnership
Why more integration between Risk and
Audit
An increasingly complex world with more globalisation,
digitalisation and outsourcing.
Avoid higher costs and operational losses
Avoid assurance gaps
Minimize duplication of efforts and confusion
Same process and language to be used
Risks are interdependent and do not respect functional
boundaries
The Risk Manager’s view
If you want to go fast, go alone
If you want to go far, go together
African saying
RISK BACKGROUND
Libor rate fixing
FIFA
Volkswagen
Enron
BP Deepwater Horizon Oil Spill
Worldcom
News of the World phone hacking
UK MP expenses
Olympus loss-hiding
WHAT SHOULD WE DO?
Major risk exposures have devastating impacts, not only on businesses and
government but also on public confidence and the economy
Vital for all involved in risk management to co-ordinate their efforts and deploy
their combined yet limited resources in the most effective manner
Roles of Risk Committee and Audit Committee are crucial
3 Lines of Defense model provides excellent framework
Risk Management and Internal Audit must co-ordinate their activities
Focus on ‘future’ risks - horizon scanning - prevention better than cure!
RISK RESPONSIBILITIES
Board - overall responsibility for risk oversight, ie approving the risk strategy and
appetite
CEO and executive team - accountable to the Board for delivering the organisation’s
objectives and for managing threats to their achievement (risk management and internal controls)
Audit Committee - monitors and evaluates the effectiveness of corporate governance,
risk management and internal control
Risk Committee – assists the Board in ensuring that there is an effective risk
management process, ie risk strategy, framework, appetite, how risks are managed
and reported
Chief Risk Officer - helps develop risk management strategies, standards and
policies; champions and co-ordinates risk management activity, training and
guidance; provides risk information
Chief Audit Executive – provides independent assurance on corporate governance,
risk management and internal controls
THE 3 LINES OF DEFENSE
Endorsed by ECIIA and FERMA
Many people involved in risk management but resources are
limited and so it is imperative to effectively co-ordinate activities –
this helps avoid duplication as well as identify gaps!
1st line = Operational management – own, assess and control risk
2nd line = Internal governance functions, eg risk management,
financial control, compliance, inspection, quality control, security,
etc. – helps 1st line to implement effective risk management
practices
3rd line = Internal Audit – provides independent assurance on
effectiveness of corporate governance, risk management and
internal control, including effectiveness of 1st and 2nd Lines of
Defense
ECIIA INTERNAL AUDIT
NON FINANCIAL REPORTING
On 29 September 2014, the European Union Council adopted the Directive on the disclosure of
non-financial and diversity information.
To comply with the new measures, public interest entities (defined by Art. 2 of the 2013
Accounting Directive as: listed companies, credit institutions, insurance undertakings, others
defined by Member States as public-interest entities) with more than 500 employees will report
on:
environmental, social and employee-related, human rights, anti-corruption and bribery matters.
Companies will also have to describe their business model, policies, outcomes of the policies and
principal risks on the above matters, the diversity policy applied for management and supervisory
bodies, and relevant non-financial KPIs.
Member States have 2 years to transpose the directive into national laws. Additionally, Member
States may exempt companies that provide a report for the financial year which covers the same
content, provided it is published with the management report or made publicly available within 6
months after the balance sheet date.
In April 2015 the European Confederation of Institutes of Internal Auditing
(ECIIA) published the guidance - Non-financial reporting: building trust with
internal audit.
Enhancing Integrated Reporting; Internal Audit Value Proposition issued by The
Institute of Internal Auditors (F-NL-E-UK)
The guidance shows how internal audit can help organizations achieve better
transparency in their reporting and improve their corporate governance when
implementing the new European Directive on Non Financial Reporting.
ECIIA INTERNAL AUDIT
NON FINANCIAL REPORTING
Regarding non-financial reporting process and disclosures,
internal audit can provide assurance that the risks are being
effectively mitigated and suitable controls have been
implemented.
Assurance over non-financial information is a developing area
and internal auditors are in a good position to provide it as they
have experience in carrying out assurance engagements in
accordance with professional standards.
Integrated assurance relates to the coordination of external and
internal assurance providers in order to achieve a level of
assurance that best balances cost and utility with market and
regulatory requirements.
Don’t forget!
Your evaluation and comments are the only way for
FERMA to obtain information in order to improve the quality
of the sessions
• Please fill in the documents given to you by our
hostesses
Or
• Use the mobile application and earn points for the
Leaderboard game!