Actualiteit

The Basel Committee on Banking Supervision (BCBS) strengthened capital adequacy guidelines following several global financial crises. If observed, banking institutions should be able to absorb the volatility of potential credit, market, and operational risks in the wake of another serious market shift. This new practice guide, developed for financial services auditors but useful to any auditor working with statistical models and capital, focuses on how to provide assurance that an institution is well capitalized to meet the guidelines and prepared for cyclical business changes. This guide will help readers understand, measure, and assess the appropriateness and completeness of an institution’s capital planning process. Topics include: How to evaluate whether capital processes support the institution’s stated risk appetite. Strategies and methods to model credit, market, and operational risk. Audit tools and techniques. This is for members only. To access it and other valuable resources, become a member today.

Potential improvements are presented to the auditee by means of a recommendation mainly based on an audit finding. An audit report generally includes the management action defined as a response to the recommendation, together with a due date and an action owner. Every internal audit function should have a process for monitoring follow-up on implementation of management actions. This can be an indicator for the Internal audit function’s effectiveness. This paper relates specifically to the followup of findings and recommendations issued by internal audit, not those identified by first or second line of defence functions. It can also be applied to actions taken in response to issues identified by regulators or external auditors. Implementation of management actions is a first line or second line of defence responsibility. However, in case of insufficient implementation of management actions, the Internal audit function should investigate and document the reason. Therefore, a well-established follow-up monitoring process is crucial to evaluate an internal audit’s effectiveness.

The internal audit function has an important role to play in providing assurance over the effectiveness and security of key processes outsourced from banks to third parties. It is crucial that key stakeholders, including management, the board and the bank’s supervisors can place reliance on the work of internal audit in respect of the risk management of third parties, while at the same time maintaining a reasonable expectation of the extent of the internal audit function’s responsibilities in this area. This paper sets out the view of the ECIIA Banking Committee (the Committee) on best practices that could be adopted by internal audit functions in respect of the audit of externally outsourced services. 

The objective of this position paper is to provide guidance to the audit departments of banking groups to assist in delivering consistent and adequate levels of assurance across the group, while considering both group and subsidiary regulatory requirements, with the intention of fostering consolidated supervision across the group. The primary principle outlined within this paper is that the group internal audit function is accountable for overseeing audit activity throughout the group. This view is aligned to that expressed in the Basel Committee’s guidance on internal audit (BCBS 223).

To manage risks effectively is an essential part of good corporate governance. An important role of each organisation is to identify all business risks and uncertainties which the organisation faces, quickly implementing risk mitigating measures and enhancing the system of internal controls. The internal audit function, as an essential part of the corporate governance framework, provides independent assurance that those risks have been properly managed. As the global business environment and its financial and regulatory requirements have become more complex, users of the audited processes have been calling for more pertinent information for their decision making. The rapidly evolving environment (e.g. digitalisation of services, sustainability, information technology) and a shortening life cycle of products requires organisations to embrace change. Agility and a short response time are critical to survival. This leads to new/enhanced risks which the organisation has to deal with and a new risk appetite. To be able to provide an assurance to senior management in a short time period, it is necessary to focus the audit plan on current and future risks and provide a risk-based approach for audit planning.