Internal Audit within the Financial Services Authority
James Glass
Director, Business Review and Audit Division
Financial Services Authority
• Financial Services and Markets Act
• FSA vision:
– “The FSA aims to be a world-leading regulator, respected for its effectiveness, integrity and expertise”
• Statutory objectives
– maintaining confidence in the financial system
– promoting public understanding of the financial system
– securing the appropriate degree of protection for consumers
– reducing the risks of financial crime
Which must be pursued in line with a set of ‘principles of good regulation’
• economy and efficiency in the use of resources
• recognising the responsibilities of management
• acting proportionately
• recognising
– the value of innovation and competition
– the international character of the UK’s financial markets
Statutory objectives fulfilled by strategic aims
• Maintaining efficient, orderly and clean financial markets
• Helping retail consumers achieve a fair deal
• Making the FSA a more efficient organisation
To whom are we accountable?
Parliament
H M Treasury
Treasury Select Committee
FSA BOARD
Practitioner Panel
Consumer Panel
11 Non-Executives
4 Executives
Organisational structure to achieve objectives
Chairman
Chief Executive Officer
Business Review & Audit
Retail Markets
Wholesale & Institutional Markets
Regulatory Services
Transformation
Finance, Strategy & Risk
People & Communications
General Counsel
Enforcement
Cross FSA sector leaders
Organisational structure to achieve objectives
• Key features of structure
– 3 main strategic business units
– Direct reporting divisions of specific services
– Sector leader focus
• Matrix structure
Business Review & Audit in the structure
Chairman
CEO
Audit Committee
Business Review & Audit
BRAD Mission
• Use independent reviews:
– to provide an objective opinion to the Audit Committee and FSA Board
– on whether robust, fit for purpose risk management frameworks are being maintained and operated by management
– whether these comply with the corporate governance requirements of Turnbull
• Adopting a risk based approach to establishing a sound system of internal control and reviewing its effectiveness.
BRAD Structure and Skills Mix
KAREN BARNETT
Director's PA
PAUL FROST
Manager
KAREN DIGNAN
Manager
Senior Audit Consultants and Audit Consultants
50% professionally qualified
2 external secondees
2 currently seconded to other parts of the FSA
Use of specialist skills from Strategic Partners
Increasing range of high potential staff and supervision experience
ERNST & YOUNG
Strategic Partners
JAMES GLASS
Director
Corporate Governance
• Combined Code UK
– Sets out principles and provisions
• Listed companies have to make statements:
– How it applies the principles
• statements are not prescribed and companies have a free hand to explain their governance policies
– That the company has complied with the provisions of the code or, where it does not, to provide an explanation
• “Comply or explain” approach in operation for more than 10 years and its flexibility is welcomed by Boards and investors
• The FSA is not a listed company but sets out to comply with best practice where possible
Risk Assessment Framework
Risk Assessment Tables
Divisional and Business Unit Risk Assessment
Consolidated Risk Map
Board Approval
How we do this in practice
Risk Assessment
INDEPENDENT ASSURANCE
FEEDBACK
PROJECT
REVIEW
FOLLOW UP
PLANNING
TERMS OF REFERENCE
FIELDWORK
REPORT FINDINGS
RISK EVALUATION
RISK PROFILE
AUDIT PLAN
BRAD OBJECTIVES
DIRECTOR DISCUSSIONS
FSA OBJECTIVES
AUDIT COMMITTEE
CORPORATE GOVERNANCE
MONITORING
MEASURES
MONTHLY REPORTS
REPORTS TO CHAIRCO
AUDIT COMMITTEE
Overall BRAD framework for providing independent assurance
Risk Based Approach - Planning
Reporting
BRAD view: - Relationship - Management information
6 monthly audit plans
Director input
Risk Profile
Consolidated Risk Map & Risk Assessment Tables
Audit Committee Approval
Executive Director input
Circulated to directors
External Audit Activity
Rolling quarterly plans
Delivery of plan
Consolidated Risk Map prepared from director and divisional input
Assess priorities and experience
Allocate staff or use E&Y
Example: Arrow Review
• Definition:
– Advanced Responsive Risk Operating frameWork
– Used to assess a firm’s risk to the FSA’s objectives
• The Arrow Approach:
– Review against business and control risk
– Focus on business and control risks and on statutory objectives
– Producing impact and probability scores and an overall score
• BRAD objectives:
– Provide independent assurance to the Chairman and the Board on the operation of the Arrow firm-specific framework, its effectiveness and its fitness for purpose.
Arrow Review - The BRAD approach
• 3 stage process
– Arrow roll out
• Review of how Arrow had been applied to individual firms
– Risk Mitigation Plans
• Review of approach and implementation to risk mitigation programmes
– Feedback to firms
• Interview of firm’s senior contacts to establish their views on the Arrow approach in practice
• Summary of findings from all reviews
Arrow Review – outcomes and recommendations
• Overall findings cross FSA and individual division level
– FSA programme of change to ARROW underway incorporating BRAD results
• Preliminary assessments
– More focus and added value
• Discovery
– Focus and use of information. Close out
• Scoring
– No one size fits all. Impact vs probability
• Validation panels
– Standards and good practice
• Risk Mitigation Programmes
– SMART actions and outcomes and better monitoring
• Communication
– Accuracy and transparency
Action Tracking and Follow ups
BRAD final report
Monthly tracking reports
High and Medium High risks into Tracking system
Monthly tracking of agreed actions
Directors asked to confirm either completion of actions or explanations for any delays with revised dates
Monthly reports to ExCo
Quarterly reports
Audit Committee
Monthly report of actions to Executive Committee
Explanations for all overdue actions
Chief Executive discusses with MDs responsible
Quarterly report of actions to Audit Committee
Explanations for all overdue actions
Regular Follow up
Follow up & testing when actions “completed”
Report on implementation and re-instate on tracking & reports if not complete
Trends in the BRAD approach
• Increasing requests for review of new processes and for ad-hoc advice and guidance
• More specialist and in-depth reviews being undertaken
• Role in special investigations
• Projects and Programmes for change
• More challenging plans
• Greater focus on skills and development of BRAD
• BRAD role in adding value and achieving objectives of the FSA
• Obligation to provide independent assurance
• Need to add value without stepping outside independent assurance role
• Must not take on line management responsibilities that will dilute our ability to audit or to provide independent comment
Delicate balancing act
The challenge for BRAD
BRAD Strategic Plan
• Business – Add value
• Relationships – Work in Partnership
• Assurance – Independence & Objectivity
• Delivery – Dynamic & Influential
Questions