Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Farid Aractingi - The changing face of the Internal Audit in Europe
1. Internal Audit:
The changing face of the Internal Audit in Europe
Auditor of the future: trusted & influencing advisor
Farid ARACTINGI
ECIIA, President
2. Enhancing governance through internal audit2
GOVERNANCE in view of sustainable performance
INTERNAL AUDIT in the heart of good governance
ECIIA at the service of Internal Audit
We now live in an incredible world…
… but incredibly crazy
so we need to refocus on basics:
performance – and sustainable performance
3. Enhancing governance through internal audit3
Crazy world: globalization & unstable environments
Speedy transformations for Society & Business
Bankruptcy
Sovereign
debts
rise - fall – rise again
of BRICS
Industrial
Delocation
then / or Relocation
Demographic
imbalance
Cultural
standardization
economic fight
easy access to
Technologies
Dematerialization
of intermediaries
"Premium vs Low-cost"
.. 2.0
...3.0
...4.0
Digital
bahavior
Social
networks
impacts
Climate
deregulation
Agility
requirement
Frugality
approach
Excesses / cycle of ‘permanent’ crisis
Biotechnologies
Artificial
Intelligence
Cyberattack
Migration
flows
Global
Supply chain
4. Enhancing governance through internal audit4
12-2001 07-2002 07-2007 01-2008 09-2008 12-2008 04-2010 04-2010 06-2017 04+11-2017 07-2017
2002
2003
2004
ERM approach
EU directive
2009
2010
remuneration
and introduction of
standardised EU
regulatory reporting
2013
Audit Committee
Missions
Requirements
Liability
2016 and later…
Crazy world: the terrible decade
from crisis to restoration of confidence through regulation
Bank for International Settlements
60 central banks
5. Enhancing governance through internal audit5
Crazy world: Command & Control interrogations
Three reasons why good strategies fail:
Execution, Execution, Execution…
(Lawrence G. Hrebiniak, Wharton)
But can better execution be taught?
You can at least make people aware of the key
variables…
“A mediocre strategy well executed is better
than a great strategy poorly executed”
(The execution trap, Harvard Business Review)
42,600 references in Google
What is sustainable
performance?
How do we measure that a Board is effective?
Is there a “golden triangle”
with A.C., I.A. and E.A.?
Why do companies need good governance?
6. Enhancing governance through internal audit6
Crazy world: today’s response is “the 21st century leitmotiv"
[ Good governance* ]
for a sustainable performance
(*) Governance is a performance tool
(*)
October 4th 2017
(*) Etymology :
From latin gubernare, and therefore from the Greek Kivernao (Κυβερνάω) that means “govern”
To govern is both “do the right things”
and “do the things right”
7. Enhancing governance through internal audit7
what means a good Governance?
what impact for Internal Audit teams & structure?
how can ECIIA help the profession in these (r)evolutions?
But:
9. Enhancing governance through internal audit9
SYSTEM composed by all
processes, structures, laws, regulations and
institutions aimed at defining the way the company
is managed, run and controlled
3 KEY WORDS
Formalisation
Transparency
Capacity to say “no”
Improve the DECISION QUALITY,
in view of sustainable performance
STAKE HOLDERS
Board of Directors, Executive Management, Operating Management,
Employees, Analysts, Clients, NGO’s, …
Within the organisation
WHAT?
HOW? WHO?
WHERE?
WHY?
Always, continuously, and not to tick boxes before formal milestones
WHEN?
Mandatory – and payback is immediate when the first risk has been
put under control
HOW MUCH?
Good governance: W5H2 of Governance
10. Enhancing governance through internal audit10
bureaucracyhyper-liberalism
Compliance Efficiency Internal
Audit
Internal
Control
Risk
Management
Shared
repositories
With an inseparable tryptic
at the service of good governance
Governance
Good governance: I.A. involvement
A guarantee of balance and, therefore, a guarantee of performance
11. Enhancing governance through internal audit11
Good governance
The 3 Lines of Defence model, as a mean for effective organisation
Board of Directors
Protect shareholder interests
• Approve the guidelines proposed by the Board of Directors: accounts, dividends, capital
transactionles administrateurs
• Elect directors
Secure long-term sustainability of the Cie
• Validate the strategy
• Control the operations
• Co-manage the company in crisis mode
Executive Management
Board of Directors – Audit Committee
Deliver short-term operational performance
• Propose a strategy
• Conduct operations aligned with the strategic plan
“Make your numbers”
“Grow your people”
General shareholder assembly
12. Enhancing governance through internal audit12
1STLINE
Operational
management
• has ownership, responsibility and accountability for assessing, controlling
and mitigating risks
2NDLINE
Internal
governance
functions
(Group support & control functions)
• monitors and facilitates the implementation of effective risk management
practices by the 1st line
• assists risk owners in reporting adequate risk-related information throughout
the organization
3RDLINE
Internal Audit
• provides assurance to the Group governing body and senior management
on the organization’s effectiveness in assessing and managing its risks and
related internal control systems, including the manner in which the 1st and
2nd lines operate.
To ensure clarity of roles and responsibilities in organizational governance, the “3 LoD model”
defines each level of control:
Good governance
Internal audit positioning within this 3 LoD
14. Enhancing governance through internal audit14
As an internal auditor
what do I have to do?
“To enhance and protect
organizational value
by providing risk-based and objective
assurance, advice and insight”
15. Enhancing governance through internal audit15
What I.A. do they need?
Focused on our distinctive features
Independence
▪ essential marker of our profession
Cross-functionality, sponsor of:
▪ long-term and sustainable performance rather than isolated shining star
▪ global coherence, rather than silo approaches
Discipline of execution
▪ key success factor for decision-making after fruitful and contradictory debate
Pragmatic courage
▪ speak the truth with neither arrogance nor complacency
Guardian of the temple (the Internal Control temple…)
Auditor: a robust and well-equipped business
partner, supported by both a panoramic 360° vision
and a proven methodology, able to make a diagnosis
but also to advise.
16. Enhancing governance through internal audit16
What I.A. do they need?
Engaged in skills refurbishing
Auditor: committed to the transformation of our
stakeholders, relying on their business processes to get
the strategic vision, while keeping operational energy.
Required basics on technical audit skills
+
Conjugate antonyms:
Analysis capacity vs synthesis capacity
Scepticism by default vs intuition feeling
Process Control vs innovative recommendations
Understanding of business stakes vs naïve creativity
Written & oral communication vs English gentleman behaviour
Confidentiality vs transparency at the right level
Targeted sampling vs predictive analysis with big data
17. Enhancing governance through internal audit17
What I.A. do they need?
Reliable actors of good governance
Auditor: its concern is no longer confined to financial
risks alone. It should cover all themes:
▪ deployment of strategies ▪ adequacy of resources ▪ degradation of
image ▪ new business models ▪ corruption & fraud ▪ …
Rework your behaviour
Understand complex and volatile contexts
• calls for both subtlety and determination
• augments credibility of our reports
• gives a new aura to our jobs
More than ever
• start with business processes and operational objectives
• analyse related risks
• imagine those which are unlikely but with devastating impacts
18. Enhancing governance through internal audit18
I.A. involvement:
Our transformation
The profession is evolving a lot
and it is now important than ever to be more:
Rigourous
Professional
Good communicator
Flexible/Reactive
Global coordinator
to “get a seat at the table ”
financial
controller
trusted
business
partner
20. Enhancing governance through internal audit20
European Confederation of Institutes of I.A. (ECIIA)
Represents the I.A. profession in Europe and Mediterranean basin
Collaboration tool
(Research – Other tbd)
from a national
to the European dimension
Lobbying tool
vàv European bodies
Coaching
institutes
Exchange
between presidents
35 National Institutes
47.000 members
Way to work:
Furthering the development of
good Corporate Governance and Internal Audit
at the European level,
through knowledge sharing,
developing key relationships,
and impacting the regulatory environment
21. Enhancing governance through internal audit21
ECIIA advocacy targets
influence
Objective:
Promote good corporate governance
& appropriate recognition of I.A. in European
regulations and Corporate Governance codes
European Parliament European Commission Banking Authority
Central Bank Insurance & Occupational Securities
Pensions Authority & Markets Authority
collaborate with
1 2 3
4 5 6
FERMA Confederation of Public Finance Control
Risk Management Directors Associations
represent interests of lobby group representing Accountancy
publicly quoted compagnies enterprises of all sizes Europe
Objective:
Build relationships with key institutions interested in
Corporate Governance at European level
Organize common events, make common
publications...
1 2 3
4 5 6
22. Enhancing governance through internal audit22
A position paper: “At the junction of corporate governance and cybersecurity”
22
Example #1: Cybersecurity corporate governance
(publication with Ferma)
28. Enhancing governance through internal audit28
GDPR and the data protection challenge
Not only a cybersecurity issue…
Governance angle…
Wider geographic aspect
[ Back to Hot
Topics 2018 ]
29. Enhancing governance through internal audit29
Aware, yes: but..
Governance issues
Creating a ‘cyber culture’
Cybersecurity: a path to maturity – 1/4
The 5 core functions of effective cyber security:
■ Identify ■ Protect ■ Detect ■ Respond ■ Recover
30. Enhancing governance through internal audit30
The internal audit can play a role in the :
Development
Implementation
Ongoing assessment
Independent overall assurance on efficiency &
effectiveness
of cyber risk management plans
Cybersecurity: a path to maturity – 2/4
31. Enhancing governance through internal audit31
Our proposal for
cyber governance(*)
(*) Proposal from ECIIA Ferma position paper at
the junction between cybersecurity and
governance
Cybersecurity: a path to maturity – 3/4
32. Enhancing governance through internal audit32
Risk Management & Internal Audit relationship in cyber
Cybersecurity: a path to maturity – 4/4
[ Back to Hot
Topics 2018 ]
34. Enhancing governance through internal audit34
The role of Internal Audit
Assist for the inventory of the Regulator Bodies requirements
affecting the company
Assess the company approach to managing global compliance
activities
Evaluate company’s response to any notable instance of non
compliance
Ensure compliance training programs offered to employees and
other stakeholders are appropriate
Collaborate with compliance for an integrated approach of risks
ad controls of non compliance
Provide assurance with regards to the design and operating
effectiveness of the organization compliance framework
Regulatory complexity and uncertainty – 2/2
[ Back to Hot
Topics 2018 ]
36. Enhancing governance through internal audit36
The role of internal audit:
Conduct assessment of the organisations emerging
products, technologies,…in relation to industry standards
Evaluate changes in the business model impacting the risks
and controls linked with innovation
Review policies and procedures around innovation in terms
of governance, controls, data integrity, security and privacy
and supplier management compliance
Evaluate disaster recovery and business continuity plans in
light of the innovation and new technologies
Assess governance , risks and controls implemented for the
new products, technologies,…
Pace of innovation – 2/2
[ Back to Hot
Topics 2018 ]
39. Enhancing governance through internal audit39
The role of internal audit
Review third party identification due diligence processes and
controls
Evaluate contract management processes used by Management
to track third party relationships
Monitor regulatory developments related to third parties
Enforce and ensure consistency of right to audit clauses in third
parties contracts
Assess third party compliance with company information security
standards
Assess continuous monitoring system of reporting data from
third party business partners
Vendor risk and third party assurance – 2/2
[ Back to Hot
Topics 2018 ]
41. Enhancing governance through internal audit41
The role of internal audit
The Scope of internal audit includes the risk and control culture of
the organisation.
Assess:
• processes (e.g. appraisal and remuneration)
• actions (e.g. decision making)
• “tone at the top”.
Whether in line with the values, ethics, risk appetite and policies of the
organisation.
Consider attitude and assess approach taken by all levels of
management to risk management and internal control.
Including management’s:
• actions taken in addressing known control deficiencies
• regular assessment of controls.
The culture conundrum – 1/2
42. Enhancing governance through internal audit42
The culture conundrum – 2/2
Risk culture - definition
“Risk culture is a term describing the values, beliefs, knowledge and
understanding about risk shared by a group of people with a common
purpose, in particular the employees of an organisation or of teams or
groups within an organisation.”
(Under the Microscope – Guidance for Boards, Institute of Risk Management, 2012)
Auditing cultural indicators – main approaches:
1. Incorporate into each audit (e.g. root cause analysis)
2. Thematic - auditing cultural indicators throughout organisation
(e.g. recruitment, training, performance management and reward)
[ Back to Hot
Topics 2018 ]
43. Enhancing governance through internal audit43
The demographic challenge
New roles
New skills
New attitudes
A new view of the workforce
Workforces: planning for the future – 1/2
44. Enhancing governance through internal audit44
Workforces: planning for the future – 2/2
[ Back to Hot
Topics 2018 ]
46. Enhancing governance through internal audit46
Evolving the internal audit function – 2/2
Reporting lines for internal audit: report to the Board, Audit
and Risk Committees
Reporting should include:
• a focus on significant control weaknesses and breakdowns
together with a robust root-cause analysis;
• any thematic issues identified across the organisation;
• an independent view of Management’s reporting on the risk
management of the organisation, including a view on Management’s
remediation plans highlighting areas where there are significant
delays;
• at least annually, an assessment of the overall effectiveness of
the governance, and risk and control framework of the organisation,
together with an analysis of themes and trends emerging from
Internal Audit work and their impact on the organisation’s risk profile.
[ Back to Hot
Topics 2018 ]