presentazione di powerpoint - aieaaustria luxembourg ireland as of june 2010. audit ogether taf...
TRANSCRIPT
AudITogetherTAF inspire
AudITogether
Auditing together the ICT Global Company
using the same approach, building a common experience and creating value for the Group
Gianfranco Albergamo – Chief Audit Executive
Siena, 21.10.2010
If you want to go fast
Go alone ...
... If you want to go far,
Go together!
AudITogetherTAF inspire
UniCredit Group
At a glance
2
Resources: ~162.000 (FTEs)
Branches: 9.578
Banking operations: 22 countries
International network: ~ 50 countries
Global Operator in asset management:
~ €185.5 billion of managed assets
Market Leader in Central Eastern Europe
Source: UniCredit Group profile as of August 2010
UniCredit Group benefits from a strong European identity, extensive international presence and broad customer base.
Its strategic position in Western and Eastern Europe gives the Group one of the region's highest market shares.
We UniCredit people are committed to generating value for our customers.
As a leading European bank, we are dedicated to the development of the communities
in which we live, and to being a great place to work.
We aim for excellence and we consistently strive to be easy to deal with.
These commitments will allow us to create sustainable value for our shareholders.
AudITogetherTAF inspire
UniCredit Group
Internal Audit
The goal of the Internal Audit in the UniCredit Group is to contribute to the protection of assets and corporate stability
and provide a “reasonable guarantee” that the organization is able to achieve its goals efficiently through:
controls ensuring that operations are appropriate and carried out in compliance with laws and regulations;
assessment of the effectiveness and efficiency of operating processes;
support provided to Group divisions and companies to obtain a clear view of risk exposure/assessment at division level
and of the implementation of guidelines on internal controls at individual entity level;
assessment of the proper operation of the overall Internal Control System (line or operational controls, and controls on
risk management).
The Parent Company’s Internal Audit Department verifies the conformity of Group companies’ conduct with the Parent
Company’s guidelines and the effectiveness of internal control systems, establishes guidelines, and coordinates and
oversees the internal audit activities carried out by internal audit departments in the Group. In this sense, the Internal Audit
Department performs the function of third- and fourth-level controls.
Every entity in the Group has established an Internal Audit unit responsible for third-level controls.
Where possible, these controls are entrusted to the specialist company UniCredit Audit.
The Parent Company’s Internal Audit Department and the local Internal Audit structures, including in those instances where
the legal entities operate as sub-holding companies, form part of the Internal Audit competence line. The responsibility of the
competence line coincides with the responsibility of the Internal Audit Department.
3
AudITogetherTAF inspire
UniCredit Group
Companies’ mission
4
As of June 2010
UGISGlobal Operations
Services
UniCredit Audit
Internal Audit
UniCredit Audit renders independent
and objective audit and consultancy
services, directed to add value and
improve business processes.
It examines and assesses, in a manner
which is risk–focused and independent of
individual processes:
the effectiveness and appropriateness
of "risk management in general“;
the internal control system in
particular;
the extent to which all activities and
processes comply with the relevant
regulations.
UGIS’s Mission
To provide IT Services to the Companies of the UniCredit Group and to third party players, ensuring the right
level of quality and the continuous improvement of the offered services.
To support the business processes ensuring the global organization coherence and reaching the adequate
service level with the right efficiency.
To design, develop and manage the information system of UniCredit Group ensuring the evolution and
adequacy of the technology infrastructure and of the application landscapes to fulfill the requirements of the
UniCredit Group.
To guarantee continuous IT efficiency improvement and low IT cost position (beating the European
benchmarks) contributing to the overall UniCredit Group efficiency strategy.
AudITogetherTAF inspire
UniCredit Audit
Identity Card
5
Date of establishment: December 13, 2002
UniCredit Audit was founded in front of a larger plan of
reorganization and innovation launched by UniCredit
SpA. The proposed outsourcing of internal audit activities
through the progressive transfer of the internal audit
structure existing in each company to UniCredit Audit
aimed at increasing and enhancing the auditing
effectiveness, efficiency and quality.
Resource: 430
Sites:
Italy
Austria
Luxembourg
Ireland
As of June 2010
AudITogetherTAF inspire
UGIS
Identity Card
6
Date of establishment: March 3, 1997
Shareholders :
UniCredit Bank Austria AG (10,022%)
Bayerische Hypo-und Vereinsbank (24,721%)
UniCredit Group SpA (65,257%)
Company owned : Quercia Software SpA
Data Center: 3 global (Austria, Germany, Italy)
Resource: 4.138
Sites: 19 in 8 countries:
Austria (Vienna); Czech Republic (Prague);
Germany (Munich, Hamburg); Great Britain (London);
Hungary (Budapest); Italy (Ancona, Bologna, Brescia,
Milan, Palermo, Rome, Turin, Treviso, Trieste, Verona);
Poland (Lodz, Warsaw); Slovakia (Bratislava)
Operating Organization:
UGIS is organized in Competence Centres as structures
based on groups of specialists dedicated to the
development and management of one or more assets of
the Information System, or technological activities
management.
The Competence Centres can be global (when they
deploy solutions and services to customers exclusively
and globally) or local (when they deploy solutions for
specific business areas or countries).
As of June 2010
Distribution of resources by country
AudITogetherTAF inspire
UGIS
Service Model and Service Value
7
Is the only contractor/integrator of ICT
services, incorporating all ICT staff/roles
Owns ICT assets and capitalizes ICT
investments
Is empowered and accountable for its
budget assigned on a yearly basis
Establishes “full service” model with the
customers, where projects plan is incorporated
as a “budget pool” in the overall ICT yearly
plan. An “yearly fee” is applied including
running costs, ICT platform and application
maintenance/evolution
By exception, relevant projects / requests not
included in the planned yearly fee are
evaluated through specific business cases, in
order to agree with the users upon deployment
timing and costs
Effectiveness regularly monitored through
specific SLA and market benchmarks
ICT efficiency enhancement
Sustainable efficiency beating the European
benchmarks:
Higher ICT delivery productivity
Increased economies of scale and group-
wide standardization
Steady, predictable ICT budget evolution
ICT service improvement
Strong business know-how in ICT Company
for better understanding/fulfillment of business
priorities
Higher service quality from global competence
centers
Shortened time-to-market from a standardised
global delivery model
THE GLOBAL ICT COMPANYVALUE FOR THE INTERNAL
CUSTOMERS
AudITogetherTAF inspire
UGIS
Organizational Chart
8
Human
Resources
Organizational
Governance
Infrastructure
Management &
Customer Services
Legal,
Compliance &
ORM
Planning,
Finance &
Administration
Communication
Quercia Software
(*) Group CIO - Head of Group CT within GBS SBA
Business
Relationship
Management
EUROSIG CB,
Global Business &
GES
CEE Commercial
Banking
Global Markets &
Treasury
ICT Procurement &
Cost Management
ICT Security
CEO*
Chairman
_____________
Board of Directors
Regional Manager
Austria
Regional Manager
Germany
Chief Audit Executive
(By UniCredit Audit)
AudITogetherTAF inspire
LEGENDA
9
AudITogether
Operating Needs
The Global ICT Company has been set up through a specific convergence program (2B1 Program)
started in 2006 and has been achieved in 2009 through the merging of the 3 ICT former Group firms
(UGIS, HVB IS and Wave), following:
From the 1st of August 2009 the London HVB AG branch will be carved-out to UGIS
From the 1st of July 2010 the Hungary IT Dept will be carved-out to UGIS
From the 1st of January 2011 the Slovakia IT Dept will be carved-out to UGIS
In 2011 others IT Dept will be carved-out to UGIS
Services
Audit
The Internal Audit Function of the Global ICT Company is
also the IT Competence Center for UniCredit Audit mainly
involved in the Italian Perimeter
Internal Audit
Function
UGISUGIS
AudITogetherTAF inspire
10
10
AudITogether
Target Audit Framework
General
Principles
Risk
AssessmentPlanning Execution Reporting Monitoring
Audit
Standards
Audit
Universe
Risk Assessment
Process
Strategic
Planning
Annual
Planning
Engagement
Set up
Working Papers
Engagement
Reporting
Findings Eval.
and Classification
Audit Tracking /
Follow up Audit
…
…
…
Pillar Building Block Involved in AudITogether
… …… … …
Illustrative
…… …… … …
…… …… … …
…… …… … …
AudITogetherTAF inspire
11
AudITogether
Risk Assessment and Planning
Risk Assessment
The Risk Assessment has been
evaluated based on the UGIS Process
Map and UGIS Service Catalogue.
Each Risk Assessment of the Internal
Audit Dept of UGIS’ Customers has
been took into consideration
calculating the final Risk evaluation as
the worst case for each topic within
different lists
General
Principles
Risk
AssessmentPlanning Execution Reporting Monitoring
Annual Plan
The Annual plan is the result of the
previous steps including all needs
coming from the Internal Audit Dept of
the banks that are UGIS Customers.
Each audit has been classified using the
field work activities and the impact on
the related Company as criterion:
Direct Audit
Joint Audit
Reliance Audit
AudITogetherTAF inspire
12
AudITogether
Execution, Reporting and Monitoring
#1 – Operational Planning
LEGENDA
Planning
Coordination
Field work
Coordination
#2 – Execution
UGIS
#3 – Reporting and Monitoring
Mandatory Requirements
IT Competence Center
Organization
Group Audit Policy
UGIS’ Customer contracts
Operating impacts on
UGIS Competence Center
General
Principles
Risk
AssessmentPlanning Execution Reporting Monitoring
AudITogetherTAF inspire
13
AudITogether
… some figures
Resources 20
Joint 1.158
Reliance 164
Resources 8
Joint 25
Reliance 110
No Resources
Comp. Center 48
CAE UGIS
Resources 22
Comp. Center 1.173
Planned for 2011
Planned for 2011
AudITogetherTAF inspire
14
PILLARS
AudITogether
Pillars vs. Results
The common agreement was able to provide
the following main
Target Audit Framework
Each kind of agreement has to take care the
TAF deliveries avoiding
deviation/differentiation but, if necessary,
adopting the common framework in advance
as its test case and providing feedback to it.
Operating Needs
Each kind of agreement has to consider all
requests of the audit plans of Banks and UGIS,
highlighting the weaknesses both for UGIS
both for the Banks, and consequently for the
UniCredit Group.
RESULTS
COMMON PROCESS
Structured and repeatable ways of working
to give the possibility to different auditors to
work together focusing their efforts only on the
on-field activities
ONE FACE TO THE CUSTOMER
From planning to delivery to synchronize
the visits on UGIS guaranteeing more
Company efficiency and unique/common audit
recommendations
ONE REPORT FOR ALL
Shared results to permit to all audit functions
to obtain information about the present
weaknesses even if they did not execute the
audit activities on the field
MUTUAL TRUST
Tight cooperation between different audit
functions to increase knowledge and the
expertise matured on the filed ensuring
effectiveness for the future audits
AudITogetherTAF inspire
15
AudITogetherTAF inspire
AudITogether
Auditing together the ICT Global Company
using the same approach, building a common experience and creating value for the Group
End of presentation
If you want to go fast
Go alone ...
... If you want to go far,
Go together!