Internal Audit within the Financial Services Authority James Glass Director, Business Review and Audit Division
Financial Services Authority Financial Services and Markets Act FSA vision: “The FSA aims to be a world-leading regulator, respected for its effectiveness, integrity and expertise” Statutory objectives maintaining confidence in the financial system promoting public understanding of the financial system securing the appropriate degree of protection for consumers reducing the risks of financial crime
Which must be pursued in line with a set of ‘principles of good regulation’ economy and efficiency in the use of resources recognising the responsibilities of management acting proportionately recognising the value of innovation and competition the international character of the UK’s financial markets
Statutory objectives fulfilled by strategic aims Maintaining efficient, orderly and clean financial markets Helping retail consumers achieve a fair deal Making the FSA a more efficient organisation
To whom are we accountable? Parliament H M Treasury Treasury Select Committee FSA BOARD Practitioner Panel Consumer Panel 11 Non-Executives 4 Executives
Organisational structure to achieve objectives Chairman Chief Executive Officer Business Review & Audit Retail Markets Wholesale & Institutional Markets Regulatory Services Transformation Finance, Strategy & Risk People & Communications General Counsel Enforcement Cross FSA sector leaders
Organisational structure to achieve objectives Key features of structure 3 main strategic business units Direct reporting divisions of specific services Sector leader focus Matrix structure
Business Review & Audit in the structure Committee Chairman Business Review & Audit CEO
BRAD Mission Use independent reviews: to provide an objective opinion to the Audit Committee and FSA Board on whether robust, fit for purpose risk management frameworks are being maintained and operated by management whether these comply with the corporate governance requirements of Turnbull Adopting a risk based approach to establishing a sound system of internal control and reviewing its effectiveness).
BRAD Structure and Skills Mix ERNST & YOUNG Strategic Partners JAMES GLASS Director KAREN BARNETT Director's PA KAREN DIGNAN Manager PAUL FROST Manager Senior Audit Consultants and Audit Consultants 50% professionally qualified 2 external secondees 2 currently seconded to other parts of the FSA Use of specialist skills from Strategic Partners Increasing range of high potential staff and supervision experience
Corporate Governance Combined Code UK Sets out principles and provisions Listed companies have to make statements : How it applies the principles statements are not prescribed and companies have a free hand to explain their governance policies That the company has complied with the provision of the code or where it does not to provide an explanation “Comply or explain” approach in operation for more than 10 years and its flexibility is welcomed by Boards and investors The FSA is not a listed company but sets out to comply with best practice where possible
Risk Assessment Framework Board Approval Consolidated Risk Map Divisional and Business Unit Risk Assessment Risk Assessment Tables
How we do this in practice
Risk Assessment
Overall BRAD framework for providing independent assurance RISK PROFILE AUDIT PLAN BRAD OBJECTIVES DIRECTOR DISCUSSIONS FSA OBJECTIVES AUDIT COMMITTEE CORPORATE GOVERNANCE MONITORING MEASURES MONTHLY REPORTS REPORTS TO CHAIRCO A U D I T C O M E FEEDBACK P R O J E C T V I W FOLLOW UP PLANNING TERMS OF REFERENCE FIELDWORK REPORT FINDINGS RISK EVALUATION INDEPENDENT ASSURANCE
Risk Based Approach - Planning Reporting BRAD view: - Relationship - Management information 6 monthly audit plans Director input Risk Profile Consolidated Risk Map & Risk Assessment Tables Audit Committee Approval Executive Director input Circulated to directors External Audit Activity Rolling quarterly plans Delivery of plan Consolidated Risk Map prepared from director and divisional input Assess priorities and experience Allocate staff or use E&Y
Example: Arrow Review Definition: The Arrow Approach: BRAD objectives: Advanced Responsive Risk Operating frameWork Used to assess a firm’s risk to the FSA’s objectives The Arrow Approach: Review against business and control risk Focus business and control risks and on statutory objectives Producing impact and probability score and an overall score BRAD objectives: Provide independent assurance to the Chairman and the Board of the operation of the Arrow firm specific framework and its effectiveness and fit for purpose.
Arrow Review - The BRAD approach 3 stage process Arrow roll out Review of how Arrow had been applied to individual firms Risk Mitigation Plans Review of approach and implementation to risk mitigation programmes Feedback to firms Interview of firm’s senior contacts to establish their views on the Arrow approach in practice Summary of findings from all reviews
Arrow Review – outcomes and recommendations Overall findings cross FSA and individual division level FSA programme of change to ARROW underway incorporating BRAD results Preliminary assessments More focus and added value Discovery Focus and use of information. Close out Scoring No one size fits all. Impact vs probability Validation panels Standards and good practice Risk Mitigation Programmes SMART actions and outcomes and better monitoring Communication Accuracy and transparency
Action Tracking and Follow ups BRAD final report High and Medium High risks into Tracking system Monthly tracking of agree actions Directors asked to confirm either completion of actions or explanations for any delays with revised dates Monthly tracking reports Monthly report of actions to Executive Committee Explanations for all overdue actions Chief Executive discusses with MDs responsible Monthly reports to ExCo Quarterly reports Audit Committee Quarterly report of actions to Audit Committee Explanations for all overdue actions Follow up & testing when actions “completed” Report on implementation and re-instate on tracking & reports if not complete Regular Follow up
Trends in the BRAD approach Increasing request for review of new processes and for ad-hoc advice and guidance More specialist and in depth reviews being undertaken Role in special investigations Projects and Programmes for change More challenging plans Greater focus on skills and development of BRAD
Delicate balancing act The challenge for BRAD BRAD role in adding value and achieving objectives of the FSA Obligation to provide independent assurance Need to add value without stepping outside independent assurance role Must not take on line management responsibilities that will dilute our ability to audit or to provide independent comment Delicate balancing act
BRAD Strategic Plan Business – Add value Relationships – Work in Partnership Assurance – Independence & Objectivity Delivery – Dynamic & Influential
Questions