This issue’s special report – Remixing regulation - focuses on the Basel Committee and internal audit’s central role within bank regulation.
The issue also welcomes new members to the ECIIA’s Corporate Governance Citizen Programme and invites you to join. Through Citizens comes progress.
1. T H E O F F I C I A L M A G A Z I N E O F T H E E C I I A April 2012 . Issue 22
Remixing Regulation
Banking supervisors want internal audit to play
a more central role within bank regulation
Inside: Raising public sector control standards, helping directors
to improve, corporate governance citizens and more
2. 2 NEWS
Getting heard
In organizing the conference we are inspired by the ambition and way
In February 2012, the European to provide potential candidate The debate in the public
of working of top level restaurants. Therefore you should only expect
Commission (Budget DG) for countries with guidance for re- sector, be it at national level or at the best of this conference. We will meet the highest quality standards
the first time published the engineering their public internal EU level, is about how to solve for our conference and galaparty and treat you as our guest.
Compendium of the public control systems where necessary. the sovereign debt and Euro
internal control systems in the “We heartily agree with crises. The conference heard that The à la carte concept: choose yourself
EU Member States 2012. This the European Commission’s deficiencies in the functioning of During the conference we will serve you not only lectures, but we also
provided a structured overview of objectives to analyse PIC systems public internal control were one the have workshops and interactive sessions in which you can actually share
the various public internal control as a valuable way of developing many causes of these problems. experiences with your international colleagues. By looking at how much
(PIC) systems currently being benchmarking tools for identifying Managerial accountability Spanish peppers a session has, you can see how interactive a session
applied by the public sector in each control frameworks for the proper structures and internal control is. With the à la carte concept you can choose your own menu.
of the 27 EU Member States. and efficient management of frameworks are key governance
Make sure you have a table reservation!
The paper presents the so- public resources,” said ECIIA factors determining the quality and
The substantive program, the location in the city of Amsterdam, the
called PIFC concept, which is a president Carolyn Dittmeier. effectiveness of the public sector
good food: we are sure that all these things will truly connect people
model for public internal control The topic was subject to much in managing national budgets, so in a pleasant way. So make sure you have a table reservation!
aligned with international standards discussion at the conference on it is important to get them right.
such as INTOSAI and IIA IPPF, Public Internal Control systems in See this website for Early Bird Discount
and European good practice. It EU Member States that took place both the compendium and Note: You will receive an Early Bird Discount of
can be used by the Commission in Brussels in February 2012. for conference slides. €200,- if you register before 1 May.
For more information click here.
Events Fourth Professional Internal
Auditor Conference in Sofia,
certifications of IIA Global, IT
risks and controls and more.
or to reserve a table click here.
IIA Bosnia and Herzegovina is Bulgaria. The event, “The New ECIIA and IIA Azerbaijan is
organising the 7th International Realities in Internal Audit”, takes hosting a conference, “Internal
Conference of Internal Auditors for place at The Sheraton Hotel audit: realities and perspectives”
Central and Southeastern Europe Balkan, Sofia between 26-27 in May 3-4, 2012 in Baku.
between 10-12 May, 2012 in June, 2012. Presentations will To attend, click here.
Sarajevo, Bosnia and Herzegovina. include: The imminent revision There are also events soon
For the program, click here. of the Standards, updated in Slovenia and Norway.
IIA Bulgaria is hosting its COSO framework, the new
EUROPEAN CONFERENCE AMSTERDAM 2010 12 – 14 SEPTEMBER
European Governance Magazine . April 2012
3. 3 NEWS
ECIIA CORPORATE
Supporting best practice GOVERNANCE
CITIZEN PROGRAMME
Leading organisations in Europe are becoming
increasingly aware that they need to pool their expertise
if they are to meet the challenge of achieving sound
corporate governance practice in a changing world.
The ECIIA is delighted to have welcomed Generali Group
to its Corporate Governance Citizenship Programme. The
business joins Enel and Eni in helping the ECIIA promote
best corporate governance practice across Europe.
The Generali Group is one of the most significant
players in the global insurance and financial products
market. The Generali Group is market leader in Italy and
Assicurazioni Generali, founded in 1831 in Trieste, is the
Group’s parent and principal operating company.
Characterised from the very outset by a strong international We believe in sound corporate
outlook and now present in more than 60 Countries, Generali
has consolidated its position among the world’s leading
governance, doECIIA CorporAtE
you?
GovErnAnCE
insurance operators, with significant market shares in CItIzEn proGrAmmE
THE EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING
western Europe – its main area of activity – and particularly Head Office: c/o iia Belgium – Koningsstraat 109-111, bus 5 - B-1000 Brussels (Belgium)
If you are an organization operating in Europe, facing the constant challenge
PHOne: +32 2 217 33 20 - fax: +32 2 217 33 20 - email: corporate.governance@eciia.eu
in Germany, France, Austria, Spain and Switzerland. It also of applying corporate governance in a dynamic world, and wish to assist ECIIA
has a strong market position in Israel and Argentina. in the promotion of sound principles of corporate governance at a European
level, the ECIIA Corporate Governance Citizen Programme is for you.
The ECIIA supports research, input into the European Union’s governmental
bodies, and knowledge-sharing with business and the public sector.
Together we can achieve more. Through Citizens comes progress.
To become a member, please see our
website www.eciia.eu or contact us at
corporate.governance@eciia.eu
European Governance Magazine . April 2012
4. 4 NEWS
eB
ook
Public standards
The Chartered Institute of Public She was assurance partner at services or agencies directly of pan-European IT systems,
Finance and Accountancy (CIPFA) PWC until 2011, specialising in involved in the management and research platforms or even
and the Chartered Institute of government and the broader delivery of major infrastructural space programmes. They may
Internal Auditors (IIA) jointly public sector, including wide programmes in addition to its concern any policy: energy
launched the UK Internal Audit experience of internal audit. more usual role of reviewing supply, transport, customs
Standards Advisory Board (IASAB) Meanwhile, Pascal Hallez, whether financial EU contributions controls, immigration, food safety,
in March 2012. Internal audit who leads one of the European were spent according to sound nuclear security, pandemic
standard setters aim to develop Commission’s Internal Audit financial management principles management, carbon-quota
UK-wide Public Sector Internal Service units, says that the and in compliance with the rules. management and many others.
Audit Standards (PSIAS). The function has widened its remit. The infrastructural You can read more about
IASAB will provide oversight and
challenge for this process.
The IAS is increasingly auditing programmes are likely to consist the IAS’s role, here.
Don’t Get
The new unified set of internal
audit standards will be based on Stung
Last chance for early-bird conference discount
the mandatory elements of the
IIA’s International Professional by the UK
Practices Framework, and it is conference are available For those who miss the
proposed that they will apply at a discount of €200 for early-bird discount, registration Bribery Act
across the UK to central and delegates who book before will cost €1,250 for members
Leveraging audit analytics
local government and the NHS May 1 – that’s a 16% saving and €1,450 non-members.
(excluding foundation trusts). on the cost for members. There is a special group rate of for compliance testing
Other sectors and jurisdictions The conference, hosted €950 per person for bookings
will be able to adopt PSIAS if by IIA Netherlands, takes of ten or more delegates – but » Download eBook
they choose, and health sector place in Amsterdam on please note that the early-bird
regulator Monitor, the Government If you want to take advantage September 12-14. This year, discount does not apply.
of the Republic of Ireland and of the early-bird discount the conference is designed For more information:
the European Union have also offer on the ECIIA’s European to be highly interactive, so Click here for more: http://
nominated Board observers. Conference 2012, you need delegates can get more www.eciia.eu/events/
Janet Eilbeck was appointed to act fast. Places at the involved in the proceedings. eciia-conference-2012
independent chair of the IASAB.
www.acl.com/bribery
European Governance Magazine . April 2012
5. 5 COVER FEATURE
Remixing regulation
Banking supervisors want internal audit
to play a more central role within bank
regulation, as Arthur Piper reports
Internal auditors are
set to play
a more integral role in ensuring
of the banking crisis in 2007 and
afterwards, the profession has
subsequently considered what role
sound corporate governance in it might be able to play in order to
banks if proposals set out in the prevent such future catastrophes.
most recent guidance by the The document represents the first
Basel Committee on Banking comprehensive overhaul of thinking
Supervision are rubber-stamped. on internal audit by the Committee
The document, The internal since its 2001 paper, Internal audit
audit function in banks, sets out in banks and the supervisor’s
principles aimed at enhancing relationship with auditors.
internal audit’s effectiveness and So what’s new? The Committee
covers everything from the role has taken a stronger stance on the
of the auditor to the function’s independence of the internal audit
relationship with the regulators. function in several of its principles.
While internal audit was seldom For example, principle two states:
directly implicated as the cause “The bank’s internal audit »
European Governance Magazine . April 2012
7. 7 COVER FEATURE
» reinforced just for this cause. In advice and counsel. In order consultation is addressing some annual risk-based internal audit clash with existing regulations.
his letter to the Basel Committee, to maintain its independence, of the issues that constrained the plan that can be part of a multi- “The consultation paper
Richard Chambers, Global IIA’s internal audit should act internal audit function in banks year plan.” He wrote to the shows that there is a need for
chairman, said: “With regard to its as an advisor and not have before the credit crunch.” Committee: “The head of internal harmonisation in respect of the
assurance role to the board, the responsibility for the committee’s Peters says that the UK and audit takes into account audit scope of activity of all banks
internal audit function is meant work. It should also perform Ireland Institute emphasised the risk factors as well as the bank’s since this scope is fundamentally
to provide global assurance to and report on fraud analysis benefits of a risk-based approach risk organisational objectives and different from the regulations that
the board on the internal control and conduct special verification to internal auditing in its own risk management framework, apply in national regulations,”
and risk management systems of potential irregularities. official response to the Basel including using risk appetite it said. “Certain sections of
pertaining to all governance Committee, rather than any regime levels set by management for the the proposed provisions in
objectives. This encompasses Tools that would enable the regulators to different activities or parts of the the consultation paper are in
business control objectives, “The internal audit profession has prescribe the scope and direction organisation. If the framework conflict with the legally foreseen
financial reliability, regulatory developed a lot of tools to help of the function’s activities. He says does not exist, the head of internal powers of senior management
and legal compliance, etc.” banks achieve good governance,” this would allow internal auditors audit will consider perceived and the tasks of the board of
Principle five recommends says Dittmeier, “which was why to focus on the risks they judged risks on the basis of consultation directors in subsidiaries.”
that each bank has an internal we also recommended that the to be of greatest significance with senior management.” One of the potential areas
audit charter that “articulates the Committee enshrine the IIA’s Code of conflict that arises under the
purpose, standing and authority of Ethics and its International Committee’s proposed system is
of the internal audit function Standards for the Professional “The internal audit profession has the role of internal audit and the
within the bank”. Chambers wrote Practice of Internal Auditing regulators. How far is internal audit
that there should be guidance into its principles. That way, we developed a lot of tools to help banks to be an arm for the regulator
on the minimum requirements
for an internal audit charter.
know that everyone is singing
off the same hymn sheet.”
achieve good governance” and how far is it an independent
function within the bank aimed
He suggested that internal “The proposals recognise at ensuring good governance
auditors should at least, provide that internal auditors must be at any one time. “We want to Banks’ response practice? The question drew
information about evolving models given an enhanced status and ensure the balance is effective The banks have also given a intense debate from participants
on governance, risk, control and standing within the banking so that it produces the outcome guarded welcome to the proposals, at the ECIIA’s conference in
compliance (GRCC) to board sector and can play a greater that we all wish to see - better but want to ensure that they are Madrid in 2011 and is still causing
members promote education part in avoiding another banking management of risks,” he says. workable in practice. For example, concern in the financial sector.
of bank personnel on GRCC to crisis,” says Ian Peters, chief The IIA reinforced this concept the European Association of Public “The internal audit function’s
ensure awareness and importance, executive of the Chartered in the letter written by Chambers: Banks and Funding Agencies assurance and advisory role
and attend the bank’s governance Institute of Internal Auditors in “The head of internal audit is wrote to the Committee to say to management must not be
committee meetings to provide the UK and Ireland. “The Basel responsible for developing an that some of its principles may undermined by supervisory »
European Governance Magazine . April 2012
9. 9 FEATURE
Helping directors
to improve
Board directors across Europe are keen to know
more about corporate governance and assurance,
the head of Ecoda tells Neil Baker
If Europe is going to find
a path back to steady
economic growth, it needs
Not only was it unfair to tar all
business leaders with the same
brush, it was counter-productive,
go elsewhere,” warned Sorrell.
The new-found willingness of
politicians to involve themselves
a confident and optimistic Sorrell argued. A “cowed and in complex business affairs – not
corporate sector. But there’s an hobbled” business sector would least corporate governance – is
air of discontent inside many of not create economic growth, jobs something that concerns Patrick
the continent’s boardrooms. Sir or tax revenues. If politicians didn’t Zurstrassen, chairman of the
Martin Sorrell, chief executive change their line of attack, “The European Confederation of
of global advertising giant WPP, alternatives will be to invest and Directors’ Associations (Ecoda), »
caught the mood in a recent
article for a British newspaper.
People were rightly angry about
behaviour in the banking industry,
“There is a need for directors to
he wrote, but politicians were understand governance better,
engaging in “indiscriminate
business bashing” in the belief
from a higher viewpoint, and they Head of Ecoda,
it would win them votes. are eager for this knowledge” Patrick Zurstrassen
European Governance Magazine . April 2012
10. 10 FEATURE
» a body that represents many director can hold, have all and a governance issue such as
of Europe’s leading professional become issues where national the number of posts a director Three lines of defence
bodies for board directors. parliaments, regulators and the can hold. Consequently, he does
There has long been a European Commission have all not support legislation – such The three lines of defence model explains how the
tendency in the media to criticise seen fit to become involved. as that introduced in France various people involved in an organisation’s risk
corporate leaders, Zurstrassen The problem, says Zurstrassen, and Belgium and considered management efforts should work together.
notes. Typical charges are that is that corporate governance is a at a European level for financial The first line of defence is operational managers. They
they put their own interests complex and nuanced area. “We firms – that puts a fixed limit are responsible for assessing, controlling and mitigating
ahead of other stakeholders, pay are concerned about the risk of on the number of posts one risks. The second line of defence is the specialist
themselves stunning rewards an over-reaction on the regulatory director can hold. “That is an departments in the business – such as risk management and
for mediocre performance, and front and the politicisation of obvious over-reaction,” he says. compliance. Their role is to help managers follow good risk
only recruit board members some issues,” he says. “We The amount of time required management practices and to ensure they report the right
to be an effective director will risk-related information up and down the organisation.
vary from one company to The internal audit function is the third line of defence.
“We are concerned about the risk of an another, Zurstrassen argues: Its role is to provide assurance to the organisation’s
over-reaction on the regulatory front “Whether a person can make
sufficient commitment to be
governing body and senior management about how well
the organization is assessing and managing risks, including
and the politicisation of some issues” a director should be decided how well the other two lines of defence are operating.
at the level of every board.”
Regulators or professional bodies
who are just like them. Non- have to accept that we work in might want to issue guidance backgrounds are interested in the rules and expectations in the
executive directors, too, have a society where some business on the topic, but it should be idea of taking a seat on a board. financial sector in particular are
been attacked, usually for failing issues have a political nature for boards to decide what action “Due to the crisis, directorship becoming more detailed and
to challenge senior executives. and need to be dealt with by the best suits their business. might not have the professional rules-based, he argues. This
In the wake of the financial political system, but we prefer Zurstrassen’s wider concern is appeal it had in the past,” he trend isn’t entirely negative – if
crisis, politicians across Europe, the exercise of freedom.” that the willingness of politicians says. “But, as a professional financial firms are working within
from all ideological hues, have Zurstrassen draws a distinction and regulators to dictate body, we have to fight and keep a governance model that is more
seen votes in this debate. between a social issue such as boardroom behaviour might deter attracting people to the role.” tailored to their needs, that is a
Corporate governance issues gender equality – where he does experienced business people from There is already a trend good thing, Zurstrassen believes.
such as executive pay, gender accept that political action may becoming board directors. He has for directors to specialise in “These businesses work in a
equality in the boardroom, and be appropriate, although it is not already noticed that not enough increasingly narrow business different regulatory framework and
the number of posts a single something Ecoda advocates – people from audit and legal areas, he says. The governance have different social »
European Governance Magazine . April 2012
11. 11 FEATURE
it does make life more difficult members launches a training lines of defence” model of
About Ecoda for board directors at companies
that operate across borders,
initiative aimed at directors,
“the demand has always been
risk management and internal
control (see sidebar). This will
The European Confederation of Directors’ Associations is a or that need to understand higher than the supply,” he says. be especially useful to audit
not-for-profit association based in Brussels. It was founded in what good governance looks “There is a need for directors to committee members, which is
December 2004 and represents ten national director associations, like in other parts of Europe. understand governance better, a priority, says Zurstrassen.
including the British Institute of Directors, the Belgian Guberna Since 2010, Ecoda has run from a higher viewpoint, and they The European Commission’s
and the French Institut Français des Administrateurs. Its mission professional training courses to are eager for this knowledge. forthcoming governance directive
is to promote corporate governance at large, to promote the role help directors to deal with this We don’t know the limits, the is likely to say more about the
of directors towards shareholders and corporate stakeholders, challenge. The aim is to help depths of demand. But we know technical knowledge expected
and to promote the success of its national institutes. participants benchmark their that whenever we provide more of directors who sit on audit
For more information: www.ecoda.org own board and governance supply, the demand is there.” committees. “Not all directors
practices with those of similar Europe needs better trained have a background in auditing
companies in other European and more informed directors, or finance, so we want to help
» responsibilities, so governance pay and diversity – and these countries. The courses also Zurstrassen says, and Ecoda them with guidance on the role
needs to be done differently.” would introduce a level of provide an expert briefing on the has an important role to play of the audit committee, what a
But it does mean that new consistency across Europe, key policy issues and regulatory in that regard. It has already best practice committee looks
directors need more time to when and if they are adopted changes in European corporate produced guidance for directors like, and how it should work
get up to speed, and it can into national laws or codes of governance. “The programme of unlisted companies and for with both internal and external
deter those from outside practice. But in the meantime, has been very successful,” audit committee members. audit,” he says. “Working with
the sector – who can bring increased national-level political says Zurstrassen. “We’ve had One of its next projects is the ECIIA will help us to give
valuable and diverse business and regulatory action is creating people coming from all countries, a joint initiative with the ECIIA. directors the practical insights
experience – from becoming more of a patchwork approach learning from each other and The goal is to provide guidance they need to perform their
involved. However, the core to governance across Europe. sharing their experiences.” for directors on the “three role more effectively.”
principles of what the board is This is not necessarily a Ecoda is looking at extending
for, and what makes a director concern, says Zurstrassen. the programme next year.
effective – providing oversight, The European Commission The success of the
transparency and a balance of
interests – apply across industry
long ago ruled out the idea of
trying to create a pan-European
programme reflects the fact that
directors across Europe are taking
“Due to the crisis, directorship might
sectors, Zurstrassen argues. corporate governance code. a more professional view of their not have the professional appeal it had
The European Commission
has several governance-related
Differences in company law and
business culture would make that
role, and are eager for training
opportunities, Zurstrassen says.
in the past. We have to fight and keep
initiatives in the pipeline – on impossible, Zurstrassen says. But Whenever one of Ecoda’s national attracting people to the role”
European Governance Magazine . April 2012
12. Our mission
Director of the publication
Carolyn Dittmeier
Editor
Arthur Piper
» To be the consolidated voice for the profession of internal auditing in arthur@sdw.co.uk
a widely defined Europe by promoting sound corporate governance Direct 0115 958 2024
with the European Union, its Parliament and Commission and Produced by
any other European or global institutions of influence. Smith de Wint for the ECIIA
» To promote corporate governance and the profession in Smith de Wint
economically emerging countries, as appropriate, within the 95 Harlaxton Drive
wider geographic area of Europe and the Mediterranean basin. Lenton, Nottingham
NG7 1JD
» To promote the mission of the Global IIA. www.sdw.co.uk
Views and opinions presented in
IIA Austria www.internerevision.at IIA Italy www.aiiaweb.it this newsletter are the writers and
IIA Azerbaidjan www.audit.gov.az IIA Latvia www.iai.lv do not necessarily represent the
IIA Belgium www.iiabel.be IIA Lithuania www.theiia.org/chapters official positions of ECIIA.
IIA Bosnia and IIA Luxembourg www.theiia.org/chapters
Herzegovina www.interni-revizori.info IIA Montenegro www.iircg.co.me
IIA Bulgaria www.iiabg.org IIA Morocco www.theiia.org/chapters
IIA Croatia www.hiir.hr IIA Netherlands www.iia.nl
IIA Cyprus www.iiacyprus.org.cy IIA Norway www.nirf.org
IIA Czech www.interniaudit.cz IIA Poland www.iia.org.pl
IIA Denmark www.iia.dk IIA Portugal www.ipai.pt
IIA Estonia www.theiia.org/chapters IIA Romania www.aair.ro
IIA Finland www.theiia.fi IIA Serbia www.theiia.org/chapters
IIA France www.ifaci.com IIA Spain www.iai.es
IIA Germany www.diir.de IIA Sweden www.internrevisorerna.se
IIA Georgia www.theiia.org/chapters IIA Switzerland www.svir.ch
IIA Greece www.theiia.org/chapters IIA Tunisia www.iiatunisia.org.tn
IIA Hungary www.iia.hu IIA Turkey www.tide.org.tr
IIA Iceland www.fie.is IIA UK & Ireland www.iia.org.uk
European Confederation of
Institutes of Internal Auditing
Koningsstraat 109-111 Bus 5
BE – 1000 Brussels, Belgium.
www.eciia.eu