1
Internal Audit and the Compliance Function
Slavko Rakocevic
2
INTERNAL AUDIT AND COMPLIANCE FUNCTION
Dr. Slavko Rakočević, licenced auditor
IIA MONTENEGRO Chairman
Member of the Auditing Committee-ECIIA Brussels
Head of Internal Audit at “Wiener Stadtische Insurance” Montenegro
Head of Compliance Function at “Hipotekarna Bank” Montenegro
INTERACTION WITH THE AUDIT COMMITTEE
3
Source: http://www.eciia.eu/
4
INTERNATIONAL INITIATIVES
- DIRECTIVE 2006/43/EC, of 17 May 2006, on statutory audits of annual accounts and consolidated accounts
- The European Parliament resolution on corporate governance in financial institutions and remuneration policies - 2010/2303(INI) - 11/05/2011
- Compliance and the compliance function in banks - April 2005
- Fundamentals of GRC: The Connected roles of Internal Audit and Compliance (IIA & Thomson Reuters - 2011)
- The Audit Committee: Internal Audit Oversight (IIA - 2011)
- ecoDa - Audit Committee Guidance for European Companies - Version 2011
5
EU DIRECTIVE 2006/43/EC on statutory audits of annual accounts and consolidated accounts
Article 41.- Each public-interest entity shall have an audit committee. At least one member of the audit committee shall be independent and shall have competence in accounting and/or auditing. Article 41(2b) monitor the effectiveness of the company's internal control, internal audit where applicable, and risk management systems.
6
European Parliament resolution of 11 May 2011 on corporate governance in financial institutions (2010/2303(INI)) Article 56. three-way dialogue between supervisors, auditors (both internal and external) and institutions would improve the likelihood of substantial or systemic risk being detected at an early stage. It is the Board and Internal Auditor's responsibility to ensure that necessary internal controls are in place to detect systemic risks and to establish a procedure for informing the board and supervisors of these risks in order to avoid negative consequences; Source:
7
ERM-ECIIA view and response
Strategic Compliance Reporting Entity-Level Division Business Unit Subsidiary Operations Control Activities Internal Environment Objective Setting Risk Identification, Assessment and Response Information & Communication Monitoring
Three Lines of Defense Model 3rd Line of Defense Audit Committee Internal Audit 2nd Line of Defense Chief Risk Officer, Compliance Officer, CFO, Security, Quality 1st Line of Defense Business Management
Reporting goes beyond financial reporting control: A system for consistent reporting on risk and risk management systems A Recommendation to the European Commission Increasing board responsibility by country legislation or the comply or explain approach The Role of Internal Audit in Enterprise-wide Risk Management.
Source:
8
Source: COSO (January 2012.) Enterprise Risk Management - Understanding and Communicating Risk Appetite
9
COMPLIANCE FUNCTION Compliance
10
Nature and purpose of the compliance function
compliance principles (code of conduct) compliance policy compliance charter
11
The compliance policy
This Compliance policy is laid down in writing. It shall:
- contain the main aspects of the compliance risk;
- explain the principles laid down by the board of directors;
- establish the Compliance function and define its goals and independence;
- require the drawing up of a charter;
- institute the implementation of a continuous training programme.
Note: The policy need not detail all the laws, regulations, circulars and other applicable codes, but it shall lay down the main principles to follow.
12
The compliance charter
The charter shall at least°:
- set forth the objectives of the Compliance function;
- define its responsibilities and role;
- establish its independence and permanence;
- describe the relationship with other departments and functions as well as any need of delegation and/or coordination;
- grant the Compliance function the access right to any information necessary to carry out its responsibilities;
°Note: Very similar to an audit charter
13
The compliance charter
The charter shall at least:
- acknowledge its right to conduct investigations;
- define the reporting lines;
- establish the right to contact senior management, and, where applicable, the Chairman of the board or the members of an audit committee or a Compliance committee;
- define the conditions in which the function can have recourse to external experts.
Note: All changes to be approved by the board of directors.
14
General theory of compliance
COMPLIANCE ASPECTS Starts at the TOP Promotion of a compliance culture … …. everyone is concerned scope of topics to be covered by compliance function
15
Compliance and the compliance function BASEL COMMITTEE PRINCIPLES 10 PRINCIPLES - April 2005
Responsibilities of the board of directors for compliance: Principle 1 Responsibilities of senior management for compliance: Principles 2, 3, 4 Compliance Function principles: Principles 5, 6, 7, 8 Other matters : cross-border issues, outsourcing - Principles 9, 10
16
BASEL COMMITTEE PRINCIPLES
Responsibilities of the board of directors for compliance: Principle 1 : Oversight management of the bank’s compliance risk Approve compliance policy Assessment
17
BASEL COMMITTEE PRINCIPLES
Responsibilities of senior management for compliance:
Principle 2 : - Responsible for effective management of the bank’s compliance risk
Principle 3 : - Compliance policy - Reporting to the board of directors
Principle 4 : - Permanent and effective compliance function
18
BASEL COMMITTEE PRINCIPLES
Compliance Function principles: Principle 5 : - Independence > Status > Head of Compliance > Conflicts of interest > Access to Information > Personnel
19
BASEL COMMITTEE PRINCIPLES
Compliance Function principles: Principle 6 : Resources Principle 7 : - Responsibilities > Advise senior management > Guidance & education > Identification, measurement & assessment of compliance risk > Monitoring, testing & reporting > Statutory responsibilities and liaison > Compliance programme
20
BASEL COMMITTEE PRINCIPLES
- Relationship with Internal Audit > Periodic review of the compliance activities > Separate functions Principle 9 : - Cross border issues > all jurisdictions when subsidiaries & branches abroad > legal & regulatory requirements of the host jurisdiction > procedures to assess increased reputational risk Principle 10 : - Outsourcing > Core activity Specific tasks may be outsourced but appropriate oversight
21
Manage the compliance function
IMPLEMENT A REGULATORY WATCH > Reasons : Non compliant with the laws, regulations, authorities instructions, professional standards > Consequences : - Judicial, administrative sanction - Financial loss - Reputation damage
22
Implementation of the compliance principles August 2008 - Basel Committee on Banking Supervision
23
Manage the compliance function
Expected profits Solvency risk Credit Operating Interest rate risk Liquidity and funding risk Technology Foreign currency risk Overhead Market Settlements/ payments risk Regulatory Inflation
24
Manage the compliance function
WHO IS IN CHARGE OF THE COMPLIANCE FUNCTION ? Compliance function = staff with compliance responsibilities Approach « tone from the top» , but everyone is involved ! BOARD OF DIRECTORS : Promote a compliance CULTURE Determine the compliance PRINCIPLES Approve the POLICY and the CHARTER
25
Manage the compliance function
WHO IS IN CHARGE OF THE COMPLIANCE FUNCTION ? Approach « tone from the top» , but everyone is involved ! BOARD OF DIRECTORS: Ensure, on a regular basis, that the institution has an adequate Compliance Function Assess on yearly basis the management of the Compliance risk Ensure that the Compliance function has a right to directly contact the Chairman of the Board of directors Ensure that the Compliance Function has a right to recourse to the services of external experts
26
Manage the compliance function
WHO IS IN CHARGE OF THE COMPLIANCE FUNCTION ? Approach « tone from the top» , but everyone is involved ! SENIOR MANAGEMENT : Set-up of a Compliance function in accordance with the applicable regulations Designate a person of the senior management in charge of the Compliance function
27
Manage the compliance function
WHO IS IN CHARGE OF THE COMPLIANCE FUNCTION ? SENIOR MANAGEMENT : Implement the Compliance POLICY Ensure, on a regular basis, the implementation and respect of the Compliance POLICY Inform, at least once a year, the board of directors on the status of Compliance
28
Manage the compliance function
PRINCIPLES TO ADOPT & RESPECT > Independence > Resources : . Respect of the principle of proportionality : size, nature & complexity of the activities of the institution > Competence Heads of Compliance should : have substantial business experience able to communicate, to deliver training be familiar with laws, regulations & relevant compliance standards be familiar with research in business ethics and compliance understand the risk management process understand the auditing process
29
Manage the compliance function
PRINCIPLES TO ADOPT & RESPECT Heads of Compliance should : have project management skills have substantial management experience be able to motivate people be connected to company operations be able to network, establish positive & effective relationships with other key functions have the authority to have decisions & recommendations taken seriously at all levels of the organisation source : Ethics resource center, 08/2007
30
Manage the compliance function
RESPONSIBILITIES OF THE COMPLIANCE FUNCTION (1)
- Identify and assess the compliance risk
- Identify the applicable rules / regulatory watch
- Set-up of procedures and instructions to implement the Compliance policy
- Be involved and consulted when internal control procedures are implemented
31
Manage the compliance function
RESPONSIBILITIES OF THE COMPLIANCE FUNCTION (2)
- Monitor regularly the respect of the Compliance policy (cooperation with Internal Audit)
- Centralise the information on compliance issues
- Analyse the Compliance issues, recommend corrective measures to address failures and deficiencies
- Ensure the follow up of detected issues : action plan
- Assist and advise senior management
32
Manage the compliance function
RESPONSIBILITIES OF THE COMPLIANCE FUNCTION (3)
- Raise awareness of staff to Compliance & develop a training programme
- Communicate with the authorities re. AML/ CFT, MAD, fraud,...
- Document the work carried out in order to track the interventions and the conclusions
- Report to senior management and as the case may be to the board of directors of the institution
IMPLEMENT A COMPLIANCE PROGRAMME
FOCUS ON COMPLIANCE RISK
FOCUS ON REGULATORY WATCH
FOCUS ON MANUAL OF COMPLIANCE
33
Other key compliance issues
Prevention of money laundering Corruption Insider trading & market manipulation Financial market regulations Data protection
34
ecoDa -Audit Committee Guidance for European Companies-Version 2011
Some practitioner views on the interrelationship of Audit Committee with Internal Audit and Compliance
Principles of setting up Audit Committees
Adopting the AC chart / inspiration from CG principles. Main variables:
- Committee of the board: principles of equality of duties of all board members and collectivity of responsibilities
- Duties: examine the effectiveness of financial reporting, internal control and risk management. Approve all the audit plan/budget. Monitor its execution.
- Composition: Independent / non-executive only. Accounting background / Skills map.
- Chairman: independent only / accounting competence
- Secretariat: usually provided by the Corporate Secretariat
35
Principles of setting up Audit Committees
Other main variables of AC Chart Attendance Frequency [See below] Agenda [see below] Evaluation: Frequency: usually yearly. Methodology: forms vs substance / external vs self-assessment Hierarchy: Reporting to the board / Disclosure in annual report [CG section] Relationship management with: Group audit [if applicable] External auditors Internal audit Legal and compliance Risk Management
36
Role of the Chairman: Preparation of AC meetings
Physical meeting 2-3 weeks in advance of AC meeting. Attendance: internal audit head, plus external audit senior partner, plus corporate secretary, plus on demand experts. Scope: verify minutes of previous AC meetings, verify action points of previous AC meetings, review the AC meeting agenda, overview existing tabled documents, convene experts in attendance and specify other required documentation. Plus logistics. Time required: 1-2 hours
37
Role of the Chairman: Preparation of AC meetings
Agenda item | C.Secr.&Chair | CFO | External Audit | Internal Audit | Chief Risk Officer | Chief Compliance
Internal audit report including management letter, review of latest audit missions, status of unsatisfactory rated missions, review of current audit plan, adequacy of audit resources, approval of next year audit plan, etc. X
Compliance quarterly report including follow up of previous period, incident reports, relations with authorities and regulators; regulatory news.
38
Process of Audit Committees: Holding AC meetings
Agenda item | C.Secr.&Chair | CFO | External Audit | Internal Audit | Chief Risk Officer | Chief Compliance
Global Risk Management reports including evolutions in RM organization and structure, review of RM charter as well as specific reports on financial risks committees [ALM; counterparty; pricing and valuation of assets] and as reports and statistics on operational risks [including Basel II dimension]. X
39
Process of Audit Committees: Holding AC meetings
Agenda item | Chairman | CFO | External Audit | Internal Audit | Chief Risk Officer | Chief Compliance
Report on self-assessment of AC members; proposals for review of the principles/chart of AC X
Any other business x
40
Audit Committee in practice: Practical lessons that may have to be learned
On the « Minus » side
- AC did not prevent occurrence of significant financial, counterparty and fraud risks.
- Board delegation to AC may create loss of ownership on accounting, audit and risk issues at level of board.
- Expensive process better tailored for larger industrial and financial groups. Models for SME to be developed.
- Audit competence gap among board members. Continuing education need in most countries.
On the « Plus » side
- Bring to management expert views and judgment.
- Independent review: « checks and balances »
- Delegation: take load from the board shoulders
- Create corporate self-discipline
- Facilitate communication and authority between all experts
- Contribute to harmonize audit processes within a group
41
Thank you for your attention!!
QUESTIONS ???