The New Principles of Internal Audit in Banks

Agenda Program
divider graphic
Prague, NH Hotel Prague
divider graphic

Learning Objectives:

Design and implement an Audit Charter
Organise and structure an Audit Committee
Optimally position Internal Audit and establish productive relationships with the board of directors, management, supervisors and other related assurance functions
Define competencies for internal audit personnel
Construct an optimal audit universe and audit plan
Develop independent risk assessment approaches
Build a heat-map that shows the status of Internal Audit activities relative to the threat of unexpected losse
Course Description
In June 2012 the Basel Committee on Banking Supervision (BCBS) issued supervisory guidance entitled ‘The Internal Audit Function in Banks'. This guidance sets out 20 principles relating to the role, structure, activities and scope of Internal Audit that are collectively designed to ensure that reliable independent assurance is provided to the board of directors and senior management on the quality and effectiveness of a bank's internal control, risk management and governance systems and processes. This course examines these 20 principles and considers the associated best practices that, when implemented, ensure audit approaches and standards are adopted that satisfy bank supervisory (BCBS) expectations.

Who Should Attend
The course is designed for chief auditors, audit managers and supervisors, members of the audit committee and other senior managers who are seeking to upgrade or modernise their internal audit function in line with updated bank supervisory (BCBS) expectations.

The course is in workshop form. It is designed to be eminently practical, interactive and rich with real-life case studies that are complemented by classroom instruction led by an expert trainer who is both a former Chief Auditor and risk management expert. Participants will be encouraged to work in teams on case studies aimed at implementing best practice approaches to internal auditing that are consistent with supervisory expectations.

Program of the seminar: The New Principles of Internal Audit in Banks

The seminar timetable follows Central European Time (CET).

09.00 - 09.15 Welcome and Introduction

Session 1: The Changing Risk Landscape in Banking and the Role of Internal Audit

  • The causes of the financial crisis... unidentified and unquantified risks
  • The contagion of systemic risk and its causes
  • The evolving regulatory framework � the example of the Basel accords
  • Understanding stakeholder expectations of Internal Audit and best practices:
    • Basel Committee on Banking Supervision (BCBS)
    • Institute of Internal Auditors (IIA)
    • Committee of Sponsoring Organizations of the Treadway Commission (COSO)
  • The evolving role of Internal Audit; compliance, systems based, risk based... what next?

Case Study: Identifying and analysing the principal drivers of change in the risk landscape in which banks operate and the implications for Internal Audit
Case Study: Developing a schedule of plausible threats to which banks may be exposed that can cause material unexpected losses

Session 2: An Examination of the BCBS�s Updated Internal Audit Principles

  • An overview of the BCBS�s updated principles for Internal Audit:
    • Supervisory expectations
    • Relationship of the supervisory authority with the internal audit function
    • The supervisory assessment of the internal audit function
  • What are the areas where Internal Audit needs to improve... understanding the implications for your bank
  • Constructing a gap analysis and implementation plan and getting management buy-in

12.00 - 13.00 Lunch

Session 3: Designing, Structuring and Implementing an Audit Committee and Charter

  • Establishing an Audit Committee and its positioning within a bank�s overall governance framework
  • The typical composition of an Audit Committee
  • The responsibilities typically assigned to the Audit Committee
  • The purpose of an Audit Charter, its structure and typical content
  • The Audit Charter�s challenge and approval process

Case Study: Simulation of an Audit Committee meeting at which the Head of Audit is seeking approval for an Audit Charter

Session 4: Evaluating, Monitoring and Developing Audit Personnel�s Knowledge and Skills

  • What are the core competencies of Internal Audit
  • Using internal audit as a skills development area... the value of rotational assignments
  • Constructing a skills inventory and using it to monitor staff development

Case Study: Develop a skills inventory for Internal Audit personnel

Session 5: Corporate Governance Frameworks

  • An overview of BCBS�s June 2010 �Principles for Enhancing Corporate Governance�
  • The control hierarchy and Internal Audit�s relationship with related assurance functions
  • The OECD definition of corporate governance adopted by the BCBS
  • Key areas of corporate governance requiring greatest focus
  • A typical risk governance structure... the various committees and their interrelationship
  • The three lines of defence... understanding the role and expectations of Internal Audit

Case Study: Develop an audit programme relative to the corporate governance framework and processes

Session 6: Constructing the Optimal Audit Universe

  • Defining audit entities and the audit universe to achieve optimal audit efficiency and management response
  • Designing the audit approach: �end-to-end� vs. �standalone� audits
  • The audit planning grid

Case Study: From a supplied list of organisational units develop a recommended audit universe

12.00 - 13.00 Lunch

Session 7: Independent Risk Assessment and the Audit Plan

  • Selecting the right independent risk assessment approach as part of audit planning:
    • Basic � probability / severity matrix
    • Moderate - risk factor approach
    • Advanced - calculating inherent and residual risks
  • Developing the 3 year audit plan
  • Reliance on risk registers and process maps
  • Aligning the audit approach with the relative maturity of risk management:
    • Auditing in an area of high risk management maturity
    • Auditing in an area of low risk management maturity
    • Consulting vs. assurance activities � IIA standards

Case Study: �Safe Bank Case Study� � calculating inherent and residual risks

Session 8: Refocusing Internal Audit on Areas of Principal Regulatory Concern

  • Identifying the key programmes applied across the enterprise to manage and mitigate risk
  • Mapping the threats identified on Day One to the programmes that manage and mitigate risk
  • Assessing the status of the Internal Audit function relative to initiatives aimed at minimising the threat of unexpected losses

Case Study: Delegates produce their own threats vs. Internal Audit status heat-map

Evaluation and Termination of the Course

Training catalogue in PDF
arrow-up icon