Internal Audit of the Estonian Financial Supervisory Authority (EFSA)
Raivo Linnas
Internal Auditor
Tallinn, Estonia – June 29, 2004

Curriculum Vitae - I
From 01/2002 – Internal Auditor of the EFSA.
10/1998 – 01/2002 – Head of Performance Audit Department, Deputy Auditor General, The State Audit Office.

Curriculum Vitae - II
08/1994 – 07/1998 – Chairman, Director General, and Member of Management Board in 2 Insurance Companies;
09/1993 – 05/1994 – Vice Chairman, Member of Board of the Eesti Sotsiaalpank.

Curriculum Vitae - III
From 04/2004 – Affiliate Member of the IIA of UK and Ireland.
From 1985 - Dipl. Eng.
Former Lecturer of the Estonian Business School.

About the EFSA - I
Established on 01.01.2002;
An agency created by the Riigikogu;
With autonomous competence and a separate budget and management;
Independent in the conduct of financial supervision;
United Financial Supervision Authority;
The Financial Supervision Authority Act.

About the EFSA - II
About 65 Employees;
The Council (6 members, including Ministry of Finance, GBoE);
The Management Board (5 members);
8 Departments, IA, IS, PR.
About 70 Entities to be Supervised, incl Issuers.
Budget of 2004 – circa 2.7 million EUR.

Place of Internal Audit Unit in the EFSA
Directly accountable to the Management Board.
No statutory links with Supervisory Council.
No Audit Committee.

Legal Framework
FSA § 18.3.9;
IA Reglement (Charter);
Job Description of IA;
Code of Ethics of IA;
Contract of Employment of IA.
Fixed-term Contract for 2+2 years.

Mission
To help the Management Board achieve goals and objectives in the best way with the most reasonable consumption of resources.

Goals and Objectives
To add value and develop the EFSA's:
Management and Organizational Culture; and
Control Environment.
To evaluate and improve the effectiveness of risk management, control and governance processes.

Tasks and Responsibilities of IA
Internal Audit Function;
Handling of Conflict of Interests Issues;
Risk Management Function (secondary);
Promote Quality Management;
Promote Appropriate Ethics and Values within the EFSA.

Rights of IA - I
To be Independent in Planning, Scoping and Performing Audits and Investigations;
Immediate Direct Access to CMB and MB in Corpore;
Access to all Files, Accounts, Processes, Property and Data.

Rights of IA - II
Interview all Staff, incl Members of Management Board (MMB);
Interview all Contractors and Representatives of Entities Under Supervision;
Take Part in meetings of MB and other relevant meetings.

Rights of IA - III
Reject all tasks in case of risk of incompetence, conflict of interests or lack of objectivity;
Contract Independent External Expert(s);
Involve Personnel of EFSA in Audits and Investigations;
Continuing development of knowledge, skills, and other competencies.

Scope
All Fields of Activity of the EFSA;
All functions and projects;
All systems and processes;
Entire Staff, incl MMB;
All Structural Units.

Approach
Risk Based.
Implementing The IIA Internal Audit Standards as well as possible.
No full compliance with the IIA IAS as of today.

Planning
1. Strategic Plan (3-5 years);
2. Quarterly Plan (Time-Resource Based);
3. Plan of Particular Audit.
SP and QP to be Confirmed by MB.
PPA to be Consulted with Chairman.

Reporting
The Case Report of Audit Results to the CMB and/or MB.
Quarterly Report to the MB.
Annual Report of Activity to the MB.
Annual Report of Self-Assessment to the CMB.

Content of QR - I
I Report of Most Important Activities (Execution vs Plans).
II Observations of Most Important Risks.
III Report of All Activities by Areas of Responsibility (Execution vs Plans).

II Observations of Most Important Risks - I
Risks of Communication and Disclosure;
Financial Risks;
Risks of Planning and Budgeting;
Risks of Non-achievement of Goals and Objectives;
Risks of Image.

II Observations of Most Important Risks - II
Risks of Supervision;
Risks of Handling Confidential Information;
Observations on Risk Management;
Observations on Control Environment;
Observations on Corporate Governance;
Observations on Conflict of Interests Issues;
Observations on Fraud and Misuse;
Varie.

Assessment
Self-Assessment of Each Particular Audit.
Annual Self-Assessment.
Annual Internal Assessment.
Annual Appraisal.
External Assessment (Once in 3 years).

Audit Process
5 Stages and 12 Steps
Planning (4 Steps);
Conducting (1 Step);
Drafting Results (3 Steps);
Disclosure (1 Step);
Assessment (2 Steps);
Follow-up (1 Step).

Risks of Particular Model
Risk of Discontinuity;
Risk of Incompetence;
Risk of Independence;
Risk of Divisibility;
Risk of Shortage of Ideas.
No Time for Deeper and Longer Engagements.

Strengths
Clear Responsibility.
Efficiency of Resource Consumption.
No Opposition with MB.

Audit failing
Standardized and Formalized;
Traditional;
Digital.

Thank you very much for your attention!