• No results found

Internal Audit Function in Large Financial Institutions

N/A
N/A
Info
Downloaden
Protected

Academic year: 2022

Share "Internal Audit Function in Large Financial Institutions"

Copied!
10
0
0

Bezig met laden.... (Bekijk nu de volledige tekst)

Download het nu ( 10 pagina )

Hele tekst

(1)

Internal Audit Function

in Large Financial Institutions

An International Benchmarking Survey

December 2013

(2)

 Under this project, conducted by IIA Spain, leading banks of a similar large size around the world were invited to participate in a survey on how they deploy their internal audit functions

 There were eleven respondents: Banco Santander, Barclays, BBVA, BNP PARIBAS, HSBC, ING Bank, Intesa Sanpaolo SpA, Nordea Bank AB, Société Générale, The Bank of Tokyo Mitsubishi UFJ, Ltd. and UniCredit SpA

 The project evaluated the following :

• Thestructureof internal audit functions.

• Human Resources policies for internal audit (rotation, training and skills).

• Current and future strategic risks.

• Internal audit methodologies (universe, Risk Assessment and planning).

• The execution of audits (branches, fraud analysis and continuous auditing).

• Consultancy assignments.

The study

(3)

Number of internal auditors and total staff of the company, organization and internal structure.

 The average ratio of the IA staff to total employees is 0.67%.

 All respondents organize their Internal Audit departments/areas by type of

business. Some also include geographical criteria and types of organizational risk (82% and 27% respondents, respectively).

Main conclusions - structure of the IA function (1/8)

0,35% 0,36% 0,44% 0,50% 0,53% 0,54% 0,58%

0,67% 0,75%

0,97% 1,04%

1,32%

0,00%

0,20%

0,40%

0,60%

0,80%

1,00%

1,20%

1,40%

1 2 3 4 5 6 7 Average 8 9 10 11

ENTITIES

Internal Auditors/ Staff Size

(4)

Organizational internal structure

 Those who have a decentralized model assign between 7% and 50% of their staff to corporate functions.

Main conclusions - Structure of the Internal Audit function (2/8)

45% 55%

INTERNAL AUDIT FUNCTION CENTRALIZED OR DECENTRALIZED STRUCTURE

Decentralized model Centralized structure

50

20 20 7

23

30

0 10 20 30 40 50 60

1 2 3 4 5 6

%

% OF THE STAFF BASED AT THE CORPORATE/HQ FUNCTIONS

(5)

 55% have specific programs for the internal and external rotation of auditors.

 The annual training hours per auditor ranges from 15 to 80, averaging 52.

 The majority (55%) have established a specific policy for achieving professional qualifications. 40%(1) of the entities include this policy within career plans.

Main conclusions – Human Resources policies (3/8)

80

70 68

65

56 52

49

40 40 40

15

0 10 20 30 40 50 60 70 80 90

(6)

 The average percentage of internal auditors with professional qualifications is 40%.

Main conclusions - Human Resources policies (4/8)

95%

77%

52% 50%

40% 40%

13% 13%

10% 10%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

(7)

Main conclusions - Human Resources policies (5/8)

0 1 2 3 4 5 6 7 8 9

Communication Analytical and critical mindset Understanding of organization’s strategy and business model Act as a change agent Analysis and data retrieval Knowledge of audit standards Sector specific knowledge Teamwork Cibersecurity and privacity Continuous improvement mindset Flexibility/adaptability Leadership

The most relevant skills in the medium and long-term for internal

auditors

(8)

How internal audit’s focus on risks is likely to change over the next 3 years.

Main conclusions - current and future risks (6/8)

 Strategic, reputational and conduct risks are expected to experience a significant increase in the next three years

Information Technology Security and Data privacy Anti-Money Laundering Credit and Counterparty Risk Operational Risks Other regulation and government policies Conduct Risk Fraud & Ethics Reputational Risk Capital requirements Liquidity Risk Accounting Risk, SOX and financial reporting controls Legal Risk (including taxation) Market and Structural Risk New product introductions Strategic Risk Other Risks Merger, acquisitions and JVs

Current and future Risks

Next 3 years Currently

(9)

Construction of the audit universe.

 In general, the banks built their audit universe on the basis of business, processes and risks, as well as legal and auditable entities.

 46% of the entities review the audit universe annually. The rest do this more frequently (36% every 3 months and 18% every 6 months).

Risk Assessment: frequency of updates, type of risks considered and discussion with other bank functions.

 The majority of respondents (55%) update their Risk Assessment annually. The rest update it more frequently (27% every 3 months and 18% every 6 months.

 The risks taken most frequently into account for their Risk Assessment are:

regulatory/compliance, market, credit, operational and technological.

 In 82% of the cases the Risk Assessment is discussed with other bank functions.

Main conclusions - methodology (7/8)

(10)

Internal Audit plan: frequency of updates and revision, and time horizon.

 All respondents have a risk-based audit plan.

 46% update their audit plan annually. The majority do this (54%) more frequently (27% every 3 months and 27% every 6 months).

 Half review their audit plan annually. The other half does so more frequently (30% every 6 months and 20% every 3 months).

 Nearly two thirds (64%) have audit plans that run for 12 months. The rest cover periods of 24 and 60 months.

Audits on branches and fraud analysis.

 73% carry out branch audits and fraud analysis.

Continuous auditing

 55% of respondents carry out continuous audits mainly focused on branches.

 80% use massive data processing tools in audit work Consultancy assignments.

 The majority of respondents (82%) do not perform consulting.

Main concl. - branch audits, fraud, continuous auditing and consulting (8/8)

In all cases the internal audit function follows Global IIA Standards

Referenties

Download het nu ( PDF - 10 pagina - 681.83 KB )

GERELATEERDE DOCUMENTEN

Exploratory study on methods and data for the Dutch National Risk Assessment of money laundering and terrorist financing Summary

Swedish Companies Registration Office, The Swedish National Council for Crime Prevention, The Swedish Economic Crime Authority, The Swedish Estate Agents

Risks of money laundering and the financing of terrorism in the gambling sector

The conclusion is that the vulnerability of the segments 'lotteries', 'gambling arcades' and the state-regulated sport betting is low, based on the low or limited opportunities for

National Risk Assessment on Money Laundering Summary

The initial NRA gave insight in the ten risks that experts believe to have the most significant potential impact and in the resilience of the policy instruments available for

Dutch National Risk Assessment on Money Laundering 2019

 Despite their knowledge of certain parts of the field, it was difficult for some experts to make a proper quantitative assessment of the criteria for determining the

Operational risk exposures And

Determining the main business lines and operational risk categories for exposure is done by historical loss data as a substitute for exposures, based on the present

Cost efficiency and Credit risk

For Chinese commercial banks at a different bank-type level, the estimation of inter-temporal relationship between cost efficiency and credit risk gives no evidence to

Counterparty Risk

Looking more closely per customer type, the results show that traders are aware of a higher risk profile of trading houses and distributors and use more risk mitigating

Counterparty credit risk in credit default swap market ☆

As we can see in Table 3, the pricing effects on average are very small and vary distinctly among dealers: (1) the average coefficient of 13 dealers is 0.01038, which