A N N U A L R E P O R T D I G I T A L E D I T I O N 2 0 1 9 - 2 0 2 0

(1)

A N N U A L R E P O R T

D I G I T A L E D I T I O N 2 0 1 9 - 2 0 2 0

P R E S E N T S

(2)

C O N T E N T M A P

M A N A G E M E N T B O A R D P A C C B A N K I N G C O M M I T T E E I N S U R A N C E C O M M I T T E E E U R O S A I S U B - C O M M I T T E E G D P R W O R K I N G G R O U P P U B L I C S E C T O R C O M M I T T E E

1 0 1 1 1 2 1 3 1 4 1 4 1 5

1

A M E S S A G E F R O M O U R P R E S I D E N T

0 3

2

A M E S S A G E F R O M S E C R E T A R Y

G E N E R A L

0 4

3

P R O J E C T F O R A G R E E N E U R O P E

0 5

4

A E U R O P E F I T

F O R T H E D I G I T A L

A G E

^{0 7}

5

O V E R V I E W O F T H E Y E A R

0 8

6

P R E S E N T A T I O N O F T H E

C O M M I T T E E S

1 0

7

O U R M I S S I O N

1 6

(3)

This year has been special for every- one and all businesses!

This pandemic crisis is changing the way internal auditors work and add value to the organisation.

More than never, the Audit Committees are looking for an exhaustive vision of the risk management and the gover- nance aspects. It includes much more than just the financial aspects: envi- ronment, social, governance, sustain- ability, ethics, diversity, technology,….

but also value creation.

It is time to coordinate the efforts with the other “assurance providers” (inter- nal and external) and develop a holis- tic and exhaustive view for the Gover- nance Bodies. The 3 C: Communication, Collaboration and Continuous im- provement are important as organisa- tions may not accept “silos” anymore.

In this context, the profession can play an important role in assisting the Gov- ernance Bodies in their new duties and helping them getting risks under con- trols. By their expertise, internal audi- tors give an independent and objective opinion about the way the organisa- tion may react to new risks, new crisis and adapt. If they work with the other lines in a collaborative manner, they can cover all the processes and give assurance on any new subject arising.

The European Regulators have under- stood these challenges and have kept the same priorities, despite the pan- demic, for 2020: sustainability, digital- isation.

Each Regulator has also worked on

new plans to assist the businesses facing this unplanned crisis and get- ting prepare for new ones.

The upcoming months will be interest- ing as many consultations are running at European level that might impact the profession: new Directive on Non- Fi- nancial Reporting, revision of AML reg- ulation, publication of ESG reporting in the financial sector, review of Solvency II, Directive for artificial intelligence.

Finally, I am pleased that ECIIA has been able to adapt its services to members by going virtual and I take the oppor- tunity to thanks all the volunteers that have worked with us and the staff.

I wish to everyone a lot of success in adapting to the new normal and keep- ing safe!

T H I E R R Y T H O U V E N O T

L E T T E R F R O M T H E

P R E S I D E N T

(4)

The new Von der Leyen Commission has implemented new working hab- its with the issue of consultations for roadmaps before any regulation change consultation. It has given the opportunity to ECIIA to explain the role of internal audit in the new corporate governance, in debates with various stakeholders.

All European Regulators have put ESG in top priorities for defining the strate- gy of the organisation, managing busi- nesses, and reporting to the various stakeholders. Trust, accountability, social and environmental responsibil- ity, sustainability are top priorities in Europe and the profession has an im- portant role to play in the assurance process.

Digital Europe is the other target that will impact the profession.

To be more effective, ECIIA is organis- ing webinars, virtual discussions with the Regulators and the stakeholders. It gives us more opportunities to express our opinion and to hear “best practic- es” from European CAEs.

This year, we have been more active on social media and it has strengthened the communication of the European news impacting the profession.

We have also moved to a new location and created, with ecoDa, the Corporate Governance House to pool energies as much as possible, share on major is- sues of mutual interest and support each other while preserving our inde- pendence and own objectives.

ECIIA has maintained regular exchang- es with the main stakeholders and con-

ducted common projects with Ferma (on GDPR), with ACCA (on non financial reporting), with EUROSAI (on non fi- nancial reporting in the public sector).

Finally, ECIIA has started a project to offer a digital platform to the volun- teers (committees, workgroup mem- bers) and to the members.

Last but not the least, ECIIA has start- ed a strategic reflexion to increase the

“advocacy” impact and improve the

“connection” with the members.

It has been a challenging year and we thank all the members for their sup- port!

P A S C A L E V A N D E N B U S S C H E

L E T T E R F R O M T H E

S E C R E T A R Y G E N E R A L

(5)

Increasing the EU’s Climate Ambition for 2030 and 2050

Supplying clean, affordable and secure energy

Mobilising industry for a clean and circular economy

Building and renovating in an energy and resource efficient way

Accelerating the shift to sustainable and smart mobility

From ‘Farm to Fork’: a fair, healthy and environmentally friendly food system

Preserving and restoring

ecossystems and biodiversity A zero pollution ambition for a toxic free environment

P R O J E C T F O R A G R E E N E U R O P E

Projects for a “greener” Europe are at the forefront of the EC minds and targets to ensure a sustainable future for our world. By 2050, the main European objective is to enshrine climate neutrality into law and to have an overall emissions reduction of 55% by the year 2030.

Europe must become a world leader in the circular economy and has developed in March 2020 a circular economy action plan, focuses on the use of resources being more sustainable.

A European Climate Pact has been launched, it brings civil society, industry, local communities and schools together to facilitate the transition into a “greener” Europe;

potentially through the use of green bonds and EU-level tax initiatives.

Transforming the EU’s economy for a sustainable future.

The European

Green Deal

(6)

Sustainable finance is becoming increasingly important towards the issues of climate change, and thus environmental accounting principles are being heavily promoted, with the aim of a charter being signed by CEOs and Board Members by 2025. A Sustainable Europe Investment Plan has also been proposed as a main strategy for “green” and sustainable finance, by turning European investment banks into European climate banks

The Sustainable finance action plan has been implemented during the last 12 months:

The current plan, with the new context, requires a more ambitious and comprehensive strategy.

EU moves towards climate neutrality and steps up its fight against environmental degradation. The financial sector has made big progress, but the transition must be accelerated to achieve 2030 & 2050 targets. It includes the need to prioritise green investments in the new Solvency Support Instrument.

It is necessary to focus on real economy, corporates, and public authorities, not just the financial sector, to facilitate the transition to Green globally.

Covid 19 impact and the need for a green recovery will prevent a new pandemic in the future.It includes initiatives on sustainable corporate governance to ensure environmental and social interests are embedded into business strategies.

Application of Disclosure Regulation and RTS as from March 2021.

Transforming the EU’s economy for a sustainable future.

The Action Plan on financing sustainable growth

Disclosures by financial market participants on sustainability

The final report on EU taxonomy,

developed by the Technical Expert Group (TEG) on Sustainable Finance, contains

recommendations relating to the overarching design of the Taxonomy, as well as guidance on how companies and financial institutions can make disclosures using the taxonomy. It includes tools to help users of the Taxonomy to implement it in their own activities.

Taxonomy

Standards and Labels for

sustainable financial products:

Technical advices developed by TEG.

Legislative framework approved for the

development of climate benchmarks and ESG disclosures for benchmarks; and applicable from 2020 on climate and 2021 on ESG.

Benchmarks

Corporate sustainability disclosures:

Review of the Non-Financial Reporting Directive planned at the beginning of 2021.

The Renewed Sustainable finance Strategy and Green Recovery to

be defined end 2020

(7)

A E U R O P E F I T F O R T H E D I G I T A L A G E

Transforming the EU’s economy for a sustainable future.

Become a global role model for the digital economy Support developing economies in going digital Develop digital standards

There needs to be more focus and discussion about digital issues and subjects such as cybersecurity and data protection, to ensure that Europe has evolved, and is thus fit for a digital age.

The EU aims to:

A Europe fit for the Digital Age

Excellence and trust Artificial Intelligence:

The European Data Strategy:

New cybersecurity strategy:

The European Data Strategy will make more data available for use in the economy and society, while keeping those who generate the data in control

Data protection as a pillar of citizens’

empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation. The report recommends more harmonisation in Europe and clearer definitions.

The new Cybersecurity Strategy will look at how to boost EU-level cooperation, knowledge and capacity.

It will also help Europe strengthen its industrial capabilities and partnerships, and encourage the emergence of SMEs in the field.

This will accompany the review of the Directive on Security Network Information System (NIS) and a proposal for additional measures on critical Infrastructure Protection. the review is planned for the end of 2020.

The review of the Directive includes:

Assessing whether cybersecurity has improved across the EU

Identifying existing and emerging issues

Identifying and quantifying the regulatory costs and benefits.

The EU wants to give trust, excellence, and confidence to embrace the new technologies while encouraging businesses to develop them.

High risks artificial intelligence (critical use in critical sectors) will be subject to strict rules (compliance tests, controls, sanctions) and other artificial intelligence applications will use voluntary labelling.

A consultation has been performed aiming to

promote the uptake of artificial intelligence

while at the same time, addressing the

risks associated with its use, the European

Commission has proposed a white paper with

policy and regulatory options “towards an

ecosystem for excellence and trust”.

(8)

ECIIA has reacted to the DG Fisma consultation on the revision of the non-financial reporting directive.

O V E R V I E W O F T H E Y E A R

ECIIA has released a report on Auditing Cybersecurity within Insurance firms. Internal Audit plays a vital role in the provision of assurance regarding the efficiency and effectiveness of the key cybersecurity processes and controls in insurance and reinsurance undertakings. Key stakeholders such as Management and the Board rely on the work of Internal Audit in regard to cyber-related risks.

This position paper aims to set out the view from the ECIIA Insurance Committee and intends to provide guidance to Chief Audit Executives (CAEs) in the Insurance sector in regard to the audit of cybersecurity. Cyber risk is important, in light of the recent increase of cyberattacks and the new European Regulations: General Data Protection Regulation and the Network and Information Systems Directive in 2018.

P U B L I C A T I O N

I N S U R A N C E C O M M I T T E E

Auditing Cybersecurity within Insurance firms

B A N K I N G C O M M I T T E E

Skills and Staff rotation in

the Internal Audit Function in financial institutions

A paper discussing the skill and staff rotation in the Internal Audit Function (IAF) in financial institutions has been published by the ECIIA Banking Committee. The position paper aims to provide guidance to the Internal Audit departments of financial institutions, addressing the following: skills inventory, assess ment and development; staff rotation and talent management.

GDPR & Corporate

Governance: The role of Internal Audit and Risk

Management One year After Implementation

P A C C

ECIIA and the Federation of European Risk Management Associations (FERMA), collaborated in a new publication entitled

“GDPR and corporate governance: The Role of Internal Audit and Risk Management One Year After Implementation”. The paper focuses on the impacts of the GDPR on corporate governance practices in the year following its implementation. Most specifically, it looks at the roles played by internal audit departments and risk management functions. The findings in this paper are based on analysis of two anonymous web-based surveys and interviews of selected GDPR stakeholders from various industries throughout Europe.

Keeping the Internal Audit Function Aligned

The ECIIA Insurance Committee has published a new thought paper, Keeping the Internal Audit function aligned with evolving stakeholders expectations: methodology and application for the insurance industry. This thought paper aims to highlight that in order to stay relevant, Internal Audit functions have to transform in alignment with the industry and insurance undertaking in which they operate. It introduces an easy-to- apply method to develop transformation goals, expected progress with relevant stakeholders and includes examples of key performance indicators (KPIs) from the insurance industry.

Revision of the Non-Financial Reporting directive

P A C C

C O N S U L T A T I O N ECIIA has reacted to the DG Fisma consultation on the revision of the non-financial reporting directive.

This consultation follows the fitness check carried in 2018 that identified the following problems:

There is inadequate publicly available information about how non-financial issues and sustainability issues impact companies and how companies themselves impact society and the environment. Companies incur unnecessary and avoidable costs related to reporting non- financial information. they also face uncertainty and complexity when deciding what non- financial information to report.

In its communication on the European Green Deal, the Commission committed to review the Non-Financial Reporting Directive in 2020. The current expected date for the publication of the new Directive is Q1-2021. ECIIA’s opinion is that internal audit plays a central role in the assessment of governance, risk and control and has an important contribution to make to the policy debate on this front, specially in the aspects related to assurance. Stakeholders need to be confident about all the elements of Non-Financial Reporting and it can only be provided by a strong assurance framework and a clear governance process.

There is no one size fits all solution, but each company should implement the right framework and inform the stakeholders. The 3 lines can help them in this exercise.

In this context, we recommend integrating this dimension in the revision of the Directive and to further elaborate on the assurance framework (internal and external).

ECIIA’s reaction: consultation on the white paper on

artificial intelligence

P A C C

C O N S U L T A T I O N ECIIA has reacted to the public European Commission consultation on the white paper on artificial intelligence: a European approach. ECIIA main recommendation is about AI governance that establishes accountability and oversight, helps to ensure that those responsible have the necessary skills and expertise to effectively monitor AI activities that result in decisions and actions in line with the ethical, social, and legal responsibilities of the organisation. Therefore, it is important to include this aspect in the

“European best practices” and there is no one size fits all solution, but each company should implement the right framework and inform the stakeholders. The 3 lines can help them in this exercise.

Climate related guidelines

In January 2019, the Technical Epert Group on sustainable inance published its report on climate related disclosures and recommended for the update of the Commission’s non binding guidelines on Non-Financial reporting, with regard to climate related issue. ECIIA has reacted to the consultation to welcome the approach providing specific disclosure and guidance for each element of the Non-Financial Reporting, we also epress the need to include a governance dimension in the guidelines.

C O N S U L T A T I O N

P A C C

(9)

O V E R V I E W O F T H E Y E A R

ECIIA has organised 3 webinars to exchange on the impact o covid 19 in the audit process, in the management of the team and in the relations with the Regulators, Supervisors.

W E B I N A R

The impact of COVID-19 for internal auditors in the Banking Sector

ECIIA will organise a third edition of the European Forum with the European Banking Regulator and Supervisor.

The event will be virtual and will take place on Thursday 29 October. There will be two sessions and it will be an opportunity to share experiences and common challenges of the internal audit profession in the banking sector.

W E B I N A R

The impact of COVID-19 for internal auditors in the Insurance Sector

I N S U R A N C E C O M M I T T E E P A C C

The European Lab (EFRAG) has launched a consultation about its future projects topics and their priority and ECIIA has participated to the consultation and to the discussions about the priorities. EFRAG has decided to start with the project on Reporting of non financial risks and opportunities

C O N S U L T A T I O N

Future projects EFRAG

Banking Forum 2020

E V E N T

ECIIA will organise a third edition of the European Forum with the European Banking Regulator and Supervisor.

The event will be virtual and will take place on Thursday 29 October. There will be two sessions and it will be an opportunity to share experiences and common challenges of the internal audit profession in the banking sector.

The impact of COVID-19 for internal auditors in the Public Sector

P U B L I C S E C T O R C O M M I T T E E

W E B I N A R

Webinars have been organised to discuss about Covid 19 impact and a small publication has been issued.

GDPR & Corporate

Governance: The role of Internal Audit and Risk

Management One year After Implementation

G D P R W O R K I N G G R O U P

W E B I N A R

ECIIA and FERMA have co-organised a live webinar about the recent project, “GDPR &

Corporate Governance: The role of Internal Audit and Risk Management One year After Implementation”.

(10)

P R E S E N T A T I O N O F T H E C O M M I T T E E S

M A N A G E M E N T B O A R D

President

I I A L U X E M B O U R G Q U I N T E T ( I U ) C A E

Thierry Thouvenot

I I A F R A N C E

Philippe Mocquard

I I A G E R M A N Y

Jens Motel

I I A U K & I R E L A N D

Paul Manning

I I A S P A I N

Manuel de Alzua

I I A I T A L Y

Massimiliano Turconi

I I A S W I T Z E R L A N D

Vice-President & Treasurer

Gabrielle Rudolf

van Rohr

I I A C Z E C H R E P U B L I C

Tomáš Pivoňka

I I A F I N L A N D

Kristiina Lagerstedt

I I A G R E E C E

Verra Marmalidou

(11)

P U B L I C A F F A I R S C O O R D I N A T I O N C O M M I T T E E

I I A I T A L Y

Roberto Fargion

Jens Motel

Gavin Hayes

Chair

Thierry Thouvenot

I I A S P A I N

C H A I R E C I I A / E U R O S A I C O M M I T T E E

Soledad Llamas

I I A S P A I N

Manuel de Alzua

Melvyn Neate

E C I I A

Pascale

Vandenbussche

I I A S P A I N

Gabriela

González-Valdés

(12)

I I A N E T H E R L A N D S

Willem-Jan Megens

Chair

I I A D E N M A R K N O R D E A ( D K ) C A E

Jamie Graham

Vice-Chair

Thierry Thouvenot

C O M M E R Z B A N K ( D E ) C A E

Andrea Bracht

I I A S W I T Z E R L A N D C R E D I T S U I S S E ( C H ) C A E

Rafael

Lorenzo Lopez

S O C I É T É G É N É R A L E ( F R ) C A E

Pascal Augé

Pascale

Vandenbussche Serenella de Candia

I I A I T A L Y

U N I C R E D I T G R O U P ( I T ) C A E

Ernesto

Martinez Gomez

I I A S P A I N

B A N C O S A N T A N D E R ( E S ) V I C E P R E S I D E N T G R O U P I A

(13)

1 Hervé Gloaguen has chaired the committee until May 2020.

Chair

¹

I I A U K & I R E L A N D L & G ( U K ) C A E

Stephen Licence

I I A S W E D E N A M F ( S E ) C A E

Ann Marie

Andtback Beckman

I I A S W I T Z E R L A N D Z U R I C H ( C H ) C A E

Martin Studer

I I A A U S T R I A U N I Q A ( A T ) C A E

Manfred Schuster

A X A G R O U P ( F R ) C A E

Amaury

De Warenghien

I I A S P A I N

M A P F R E ( E S ) C A E

Maria Luisa

Gutierrez

I I A I T A L Y

G E N E R A L I ( I T ) C A E

Nora Guertler

Pascale

Vandenbussche

E C I I A

(14)

P R E S E N T A T I O N O F

T H E C O M M I T T E E S P R E S E N T A T I O N O F

T H E C O M M I T T E E S

Chair

I I A S P A I N

C A N A L D E I S A B E L I I H E A D I A , R M , I C

Soledad Llamas

Chair

Charlotte Gabet

E U R O S A I S U B - C O M M I T T E E G D P R W O R K I N G G R O U P

Melvyn Neate

I N D E P E N D E N T B O A R D M E M B E R

Pascale

Vandenbussche

I I A S P A I N

Manuel de Alzua

I I A S P A I N

Javier Faleato

(15)

Chair

I N D E P E N D E N T B O A R D M E M B E R

Melvyn Neate

P U B L I C S E C T O R C O M M I T T E E

E C I I A

Pascale

Vandenbussche Jens Motel

I I A G E R M A N Y B A

Massimo Proietti

I I A I T A L Y

P O L I G R A F I C O E Z E C C A D E L L O S T A T O I T A L I A N O

Jo Rowley

I I A U K & I R E L A N D G I A A

Soledad Llamas

I I A S P A I N

C A N A L D E I S A B E L I I H E A D I A , R M , I C

Niina Sipiläinen

I I A F I N L A N D

M I N I S T R Y O F S O C I A L A F F A I R S A N D H E A L T H

Stephan Roudil

I I A F R A N C E C H A I E

Tomáš Pivoňka

I I A C Z E C H R E P U B L I C C E Z

Patrick De Boom

I A S E U R O P E A N C O M M I S S I O N

(16)

The Association intends to be the consolidated voice for the profession of internal auditing in Europe and to promote the role of internal audit and good corporate governance by dealing with the European Union, its Parliament and Commission and any other European Regulators and associations representing key stakeholders. It has a non-profit making purpose.

O U R M I S S I O N

(17)

Our Team:

Pascale Vandenbussche ECIIA Secretary General

Carolina Baltazar

Communication & Marketing

email info@eciia.eu

phone +32 2 217 33 20 twitter @EciiaInfo

D E S I G N E D B Y P E D R O M I G U E L X A R E P E