EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)
============================================================================
Head Office: c/o IIA Belgium – Koningstraat 109-111, bus 5 - B-1000 Brussels (Belgium)
Phone: +32 2 217 33 20 Fax: +32 2 217 33 20 Email: office@eciia.eu
Brussels, June 26 2014.
Dear Sir, Madam,
The ECIIA (European Confederation of Institutes of Internal Auditing) would like to thank you for the
opportunity to comment on the open discussion document: “The Future of Audit and Assurance”.
Our main concern with this document is that it focuses exclusively on the role of external audit in providing
assurance to boards and does not recognise the central role also played by other functions such as internal
audit and risk. An essential aspect of assurance is the way external audit works with these other functions
to ensure that boards receive a full and coordinated picture of governance, risk and control.
Internal audit is an important part of the governance model, helping governing bodies to monitor the
effectiveness of the company’s internal control and risk management systems and providing them with
independent and objective assurance on governance, risk and control. For this reason, we believe that the
final version of the FEE document needs to cover these aspects of assurance. In particular this will need to
explain the interaction and cooperation between external and internal audit. In this respect, please see the
ECIIA position paper: “improving cooperation between internal and external audit” (in appendix).
The ECIIA is the professional representative body for 35 national Institutes of Internal Audit in the wider
geographic area of Europe and the Mediterranean basin representing a membership base of over 40.000
internal audit professionals. The mission of ECIIA is to be the consolidated voice for the profession of
internal auditing in Europe and to promote the enhancement of corporate governance through internal
audit.
As such, the ECIIA is an Associated Organisation of the global Institute of Internal Auditing (the IIA), a
professional organisation of more than 181.000 members in some 190 countries. Throughout the world,
the Global IIA is recognised as the internal audit profession's leader in certification, education and research
regarding internal auditing. The Global IIA also maintains the International Professional Practices
Framework (IPPF) which includes the International Standards for the Professional Practice of Internal
Auditing, the definition of internal auditing, the code of ethics, practice advisories and other guidance.
(http://www.theiia.org/guidance/standards-and-guidance/interactive-ippf/)
The IIA endorses the “three lines of defence model” as an important tool for integrating, coordinating and
aligning all assurance functions within an entity.
Head Office: c/o IIA Belgium – Koningstraat 109-111, bus 5 - B-1000 Brussels (Belgium)
Phone: +32 2 217 33 20 Fax: +32 2 217 33 20 Email: office@eciia.org Web: www.eciia.eu
As the first line of defence, operational managers own and manage risks. As a second line, senior
management establishes various support functions like: accounting; legal; risk management and
compliance to help build and/or monitor the first line of defence controls. The third line comprises the
internal audit function that provides the governing body and senior management with comprehensive
assurance on the effectiveness of risk management, governance and internal controls. This includes the
manner in which the first and second lines of defence achieve risk management and control objectives,
based on the highest level of independence and objectivity within the organization.
Internal auditors evaluate the internal governance mechanisms of the enterprise through a comprehensive
and integrated approach. Their work is related to all processes of an entity taking into consideration all
possible risk factors (e.g. strategic, operational, reporting, compliance and fraud risks) in order to plan the
audit in relation to the diverse control objectives. The internal auditors must be independent and have
adequate resources. In this context, the internal audit function is the primary provider of independent
assurance to the Audit Committee and the senior management from within the entity.
In the “three lines of defence model”, the External Auditors can play an important role in the assurance
process, based on the mandate and the specific scope. They are considered as an additional line of defence,
providing assurance to the organization’s stakeholders, including the governing body and senior
management.
In the appendix we have responded to the most relevant questions for the internal audit profession.
We remain at your disposal for further discussions and would like to meet you shortly to discuss further the
future of the audit profession of which we are all part.
Sincerely
MH Laimay
Vice President
Th Smit
President
Question 1:
Stakeholders’ expectations on audit and assurance are, inter alia, driven by cost/benefit aspects. Good
cooperation and interactions between the different actors will help governing bodies obtain a
comprehensive view of operations and risks whilst eliminating areas of possible duplication of audit efforts.
Most particularly, internal and external auditors should, as a minimum, coordinate their audit plans,
communicate their findings, have regular meetings and provide assistance to the Audit Committees.
The degree of audit cooperation should be discussed at Board/Audit Committee level.
Question 2:
Internal Audit covers broader topics than those covered by the statutory auditors (reporting on the
financial statements). Greater interactions between internal and external audit are recommended in order
to provide assurance in the most effective and efficient manner. ECIIA would be happy to share with FEE
the view of the internal audit profession and the experience of Audit Committee members.
Question 3:
In the International Professional Practices Framework (IPPF) for internal audit, the International Standards
for the Professional Practice of Internal Auditing (Standards), the Definition of Internal Auditing and the
Code of Ethics are mandatory while the practice advisories and other guidance are recommended. This
way, internal auditors have flexibility to adapt their work to the context of their organization while the
same basic rules are applied internationally.
Question 5:
As described above, cooperation and interactions between internal and external audit are key to the
effective and efficient provision of assurance. According to the International Standards for the Professional
Practice of Internal Auditing, the internal auditor may rely on or use the work of external auditors in
providing governance, risk management and internal control assurance to senior management and the
governing body (Standard 2050, supplemented by Practice Advisory 2050-3). The internal auditor must
evaluate the independence and objectivity of the external auditors and adapt the reliance accordingly.
In Standard 1100, the following definitions of independence and objectivity are given:
"Independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal
audit responsibilities in an unbiased manner. To achieve the degree of independence necessary to effectively carry out
the responsibilities of the internal audit activity, the chief audit executive has direct and unrestricted access to senior
management and the board. This can be achieved through a dual-reporting relationship. Threats to independence must
be managed at the individual auditor, engagement, functional, and organizational levels.
Objectivity is an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that
they believe in their work product and that no quality compromises are made. Objectivity requires that internal auditors
do not subordinate their judgment on audit matters to others. Threats to objectivity must be managed at the individual
auditor, engagement, functional, and organizational levels."
Question 6:
We agree that IT has a huge impact on the audit profession, resulting in new challenges. This is also the
case for internal audit. Part of the challenge will be to develop compatibility between IT systems and
software used by internal and external audit in order to promote closer cooperation between the two audit
professions.
Question 7:
According to a survey recently conducted by IIA Global (Pulse Survey, IIA Inc, 2013), it appears that more
emphasis on operational skills and soft skills (communication, project management,…) will be required for
internal auditors in the future.
Question 19:
A new directive of the EU has recently been approved by the European Parliament regarding the disclosure
of non-financial and diversity information. Large companies will have to disclose information on policies,
risks and results as regards environmental matters, social and employee related aspects, human rights,
anti-corruption, bribery issues and diversity on board of Directors. Additionally the GRI has released its
framework of corporate reporting. Internal auditors will play a major role in these new requirements by
ensuring that the social and environmental aspects function properly through an assessment of the risks
and internal controls in these areas.