Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets...
Transcript of Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets...
![Page 1: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/1.jpg)
Internal Audit and Digital
Carolina Baltazar ECIIA
June, 2019
![Page 2: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/2.jpg)
Agenda
• Brief introduction of ECIIA
• The Digital World
• The impact for internal audit
• Cyber risks and governance
Enhancing governance through internal audit
2
![Page 3: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/3.jpg)
What is ECIIA?
Enhancing governance through internal audit
ECIIA VISION
Furthering the development
of good Corporate Governance
and Internal Audit at the
European level, through
knowledge sharing, developing
key relationships, and impacting
the regulatory environment.
3
34 NIs
47 700 members
BUT, different NIs sizes(*)
(*) membership in July 2017
![Page 4: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/4.jpg)
Advocacy & Public Affairs coordination targets
Enhancing governance through internal audit
influence
Objective:
Promote good corporate governance
& appropriate recognition of I.A in European
regulations and Corporate Governance codes
European Parliament European Commission Banking Authority
Central Bank Insurance & Occupational Securities
Pensions Authority & Markets Authority
collaborate with
1 2 3
4 5 6
FERMA Confederation of Public Finance Control
Risk Management Directors Associations
represent interests of lobby group representing Accountancy
publicly quoted compagnies enterprises of all sizes Europe
Objective:
Build relationships with key institutions interested in
Corporate Governance at European level
Organize common events, make common
publications...
1 2 3
4 5 6
Main
European
Bodies
4
![Page 5: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/5.jpg)
Agenda
• Brief introduction of ECIIA
• The Digital World
• The impact for internal audit
• Cyber risks and governance
Enhancing governance through internal audit
2
![Page 6: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/6.jpg)
Digital World definition
“Digital World is a contemporary expression to communicate the
importance of digital technology today.
When we say Digital World, we are essentially communicating that the
almost the entire
world is connected
with digital
technology”.(*)
(*) Quora publication Jan 2019 Enhancing governance through internal audit
7
![Page 7: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/7.jpg)
The Digital World
• Technology transforms business models: • New businesses that wiped out legacy cooperations
• New business processes using new technology
• More responsibility and liability for Boards, audit committees
• More functions knocking at the Boards doors
New role for internal audit !
Enhancing governance through internal audit
8
![Page 8: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/8.jpg)
Agenda
• Brief introduction of ECIIA
• The Digital World
• The impact for internal audit
• Cyber risks and governance
Enhancing governance through internal audit
2
![Page 9: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/9.jpg)
The impact of the Digital World on Internal audit
• New role
• New objectives
• New methodology
• New skills
required for internal audit
Enhancing governance through internal audit
10
![Page 10: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/10.jpg)
New role for Internal Audit
• Focus on adding value to
shareholders
• Monitor digital innovation risks
preventing the execution of
business strategies
• Wider integration with the other
lines of defense: integrated
assurance with empathy, instinct
and ethics
Enhancing governance through internal audit
• Demonstrate its unique
value (vs other functions of the second line)
• Educate Management
and the Board about
innovations in technology:
”insight”
11
![Page 11: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/11.jpg)
New objectives for Internal Audit
• Leveraging internal audit’s
business intelligence portal
• Provide strategic insight to the
Board while providing oversight
of risk management
• Run audits like a business
by employing new technologies
to drive efficiencies and provide
real time recommendations
Enhancing governance through internal audit
New dimensions in the audit plan: • New collaborations internally
and externally
• Real time plan vs annual plan
• Predictive model to assess audit impact before it starts
• Strategic risks
• Greater connectivity of people, data and systems
• New work habits (home work, flexibility,…)
• New communication tools (instant chat, social media,….)
12
![Page 12: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/12.jpg)
New methodologies for Internal Audit
• Data analytics for better analysis
with artificial intelligence
• Data sharing for the working
papers
• New tech savy reporting (eg SharpCloud)
• Focus on the way risks are
managed vs focus on expected
controls
Enhancing governance through internal audit
• Integrated assurance tool : Governance, risk management and compliance
• Proactive approach: prognosis on governance, risk and
control, pre-empting change and
opportunities/threats and use of
RPA(*)
• Frequent updates of
programmes, checklists, …
• Include sustainability to
encompass wider factors (talent retention,…)
(*) Robotics Process Automation 13
![Page 13: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/13.jpg)
New skills for Internal audit
• Skills to use and understand
analytics
• Skills to use and understand
innovative technologies
• Hiring based on agility
• Analytical skills
• Basic Coding requirements
• Have a Digital IQ
• Facilitation skills (more exchanges, workshops,…)
• Initiative-proactive thinking
• Presentation skills
• Branding skills (image of the department)
• Business knowledge remains
KEY for Senior people
Enhancing governance through internal audit
15
![Page 14: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/14.jpg)
Agenda
• Brief introduction of ECIIA
• The Digital World
• The impact for internal audit
• Cyber risks and governance
Enhancing governance through internal audit
2
![Page 15: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/15.jpg)
Enhancing governance through internal audit
Culture
Strategy
Governance model
Ongoing risk management
• Resilience
• Awareness
• Collaboration
• Risk appetite
• Alignment
• Implementation
• Resourcing
• Risk management
• Policies and standards
• Application of controls
• Measurement of efficiency
• Risk identification and reporting
Figure 1. Cybersecurity management model
Cybersecurity essentials
Cyber risk preparedness and resilience requires a coordinated and collaborative approach
:IT, Risk, HR, Finance, Legal, Communications and other business functions to support each
aspect of cybersecurity: identification, protection, detection, response and recovery.
Building an effective cyber security culture across the business is an essential factor for success
![Page 16: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/16.jpg)
Enhancing governance through internal audit
Stress on various things you need to ensure about cyber risks management:
cyber risk is not a “mere” IT risk, but has wide and cross-functional implications
a trustful coordination between the different lines of defense is necessary
a fast and transparent information vis-à-vis the BoD through its specialised committee
transparent communication about cyber risks in the whole organization is vital
nobody should be a “silent “victim
By leveraging existing functions and relationships, a cyber risk governance model will
avoid cyber management in silos and make an organization more agile. Cyber risk governance should become an essential condition for seizing opportunities
from digitalization.
![Page 17: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/17.jpg)
-Commun Working Group with Risk Managers and Internal Auditors (
Deutsche
Bank, BBVA, Airbus, Copenhagen Airport, Sodexo, Proximus,….)
-Support from DG Connect and MEP Guoga to develop a governance
model that supports the NIS Directive and GDP Regulation
-Objective to enhance resilience to cyber incidents for the survival of
corporations
17
ECIIA-Ferma Guidance : somme feedback
![Page 18: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/18.jpg)
Enhancing governance through internal audit 18
The proposed framework is based on : The 8 organising principles for Digital Security Risk Management from OECD Awareness, skills and empowerment Responsibility Human Rights Cooperation Risk Assessment and Treatment Cycle Security measures Innovation Preparedness,Resilience and Continuity The Three Lines of Defence Model
Fundamentals for Cyber Risk Management Framework
![Page 19: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/19.jpg)
Enhancing governance through internal audit 19
Fundamentals for Cyber Risk Management Framework
![Page 20: Internal Audit and Digital - IPAI · 2019-06-28 · Advocacy & Public Affairs coordination targets Enhancing governance through internal audit influence Objective: Promote good corporate](https://reader033.fdocuments.in/reader033/viewer/2022041918/5e6ac80cdefc293ab64e6564/html5/thumbnails/20.jpg)
Thank you for your attention!
Follow us:
@EciiaInfo
www.eciia.eu
Enhancing governance through internal audit
16