Liquidity is key to a robust and solvent financial sector. Supervisory principles hold boards accountable for an organization’s liquidity adequacy assessment and advocate a relevant and active internal audit role in assessing an organization’s liquidity risk management (LRM) process.
To assure an institution’s senior management and board that liquidity management is aligned to the business strategy and risk appetite, internal auditors need an approach that fulfills internationally supported standards and local regulations.
This guidance, updated from the 2017 edition, gives an overview of international standards and best practices of LRM, including the use of an LRM framework.
This is a whitepaper issued by IIA Australia.
As internal control experts, internal auditors may be called upon to provide advice on an organisation’s system of internal control to management, the audit committee, or both. In particular, audit committees in Australian Government agencies subject to the ‘Public Governance, Performance and Accountability (PGPA) Act’1 are required to review “the appropriateness of the…system of internal control”.
This White Paper is intended to provide guidance to internal auditors on:
- what a system of internal control is.
- what constitutes an ‘appropriate’ system of internal control.
- how to assess a system of internal control.
This paper, created in collaboration with INTOSAI, applies the principles of the model to the public sector, with specific emphasis on the role of internal audit activities, supreme audit institutions, and other external audit providers.
Create real value from operational risk management rather than using a ‘tick box’ approach with this practical guide filled with frameworks, examples and industry poll results.
Technology failures, data loss, issues with providers of outsourced services, misconduct and mis-selling are just some of the top risks that keep financial firms up at night. In this context effective operational risk management is, simply, a commercial necessity. The management of operational risk, defined by the Basel Accord as arising from failures of processes, people, systems or external events, has developed considerably since its early years. Continued regulatory focus and catastrophic industry events have led to operational risk becoming a crucial topic on senior management’s agenda.
This book is a practical guide for practitioners which focuses on how to establish effective solutions and avoid common pitfalls. Filled with frameworks, examples and diagrams, this book offers clear advice on key practices including conducting risk assessments, assessing change initiatives, designing key risk indicators, establishing scenario analysis, drafting appetite statements and carrying out risk reporting. Operational Risk Management in Financial Services also features results from polls taken by risk practitioners which provide a snapshot of current practices and allow the reader to benchmark themselves against other firms. This is the essential guide for professionals looking to derive value out of operational risk management, rather than applying a compliance ‘tick box’ approach.
About the author
Elena Pykhova is an operational risk executive specializing in strategy, design and implementation of firm-wide risk frameworks, based in London, UK. She is a renowned educator, running public and in-house training courses in the UK and internationally for world-leading organisations including the London Stock Exchange Group Academy, the Moller Center Cambridge University and Risk.net. Elena is a thought leader, influencer and founder of a prominent industry think tank, the Best Practice Operational Risk Forum. She is a former Director for Education at the Institute of Operational Risk and chair of the Expert Panel for the Association of Foreign Banks. Passionate about the discipline, she founded her training and consulting practice after 20 years of experience in senior roles at Fortune 500 companies.
Boards must adapt to heightened geopolitical instability, climate-related natural disasters, looming recession, and an accelerating cost of living catastrophe in Europe.
The key to navigating these circumstances will be for senior management teams and boards to stop seeing these as Black Swan events. They are elements of a continuous storm that will blow through Europe in 2023 and beyond.
This is a summary of Risk in Focus 2023, tailored to senior management teams and boards.
Risk in Focus is an annual thought leadership research project analysing the top risks faced by organisations across Europe. It is an essential tool for audit committees and a barometer of what Chief Audit Executives (CAEs) and others perceive as their organisations’ risk priorities for 2023 and beyond.
The theme of this year’s report is navigating and auditing in the perfect storm of high-impact interlocking.
GLOBAL TECHNOLOGY AUDIT GUIDES (GTAG)
Cybersecurity attacks are increasing as the tools for detecting and exploiting vulnerabilities in networked systems and devices become increasingly sophisticated or commoditized. Threatening technologies and methods are advanced by criminal enterprises, state-sponsored hackers, and others with malicious intentions.
An organization’s stakeholders rely on independent, objective, and competent assurance services to verify whether cyber incident response and recovery controls are well-designed and effectively and efficiently implemented. The internal audit activity adds value to the organization when it provides such services in conformance with the Standards and with references to widely accepted control frameworks, particularly those used by the organization’s IT-IS functions.
Intended to serve as a practical, step-by-step approach for internal audit leaders, this guide summarizes the standards, staffing, and resources needed to successfully plan and implement or improve an internal audit activity in the public sector. It reviews existing literature, applicable IPPF guidance, and practical advice from experts who have been through the experience.
This practice guide will help:
- Identify issues to address in establishing an effective internal audit operational delivery model or in improving an existing internal audit activity in compliance with the IPPF and national and local requirements.
- Apply practical considerations when establishing or improving an internal audit activity’s processes such as:
- Creating a strategic plan.
- Establishing a delivery model and organizational position and relationships.
- Identifying necessary resources and competencies and hiring and training staff.
- Creating and carrying out an enterprisewide risk assessment and audit plan; performing and reporting on assurance services and consulting engagements including quality assurance.
- Reporting on internal audit performance and collecting feedback from stakeholders to help ensure organizational value.
- Recognize and handle the political dimension (or potential interference) on internal audit within the public sector, in its planning, performing, and reporting on assurance work in line with the IPPF.
The report captures the breadth and depth of internal auditing and the nuances of industries, sectors, and regions with feedback from more than 3,600 auditors in 159 locations.
The results reveal regional differences within a vibrant and diverse profession that’s not only broadly involved in traditional activities like compliance, risk, and fraud but also adding value for stakeholders through governance, sustainability, and IT/cybersecurity engagements. The report examines how internal audit functions are positioned differently within entities, explores how a function’s reporting line correlates with its funding and dives deeper into other regional differences.
Within the report are 12 action items outlining opportunities for improvement and continued growth.
The World Business Council for Sustainable Development and The IIA collaborate to offer practical suggestions and examples for integrating sustainability considerations into the key roles and responsibilities within The IIA’s Three Lines Model. This paper considers how environmental, social, and governance (ESG) threats and opportunities should be embedded into the Three Lines processes to ensure efficient and effective risk management and internal oversight.
