Improving Risk Assurance & Audit Efficiency Implementing Continuous .
Improving Risk Assurance &Audit Efficiency implementingContinuous Auditing (CA)5th Annual Internal Audit ForumChristian Schleicher, Vice President Internal AuditBerlin, May 11th 2017
It is not about Continuous Auditing !!! Our need is to improve Risk Assurance and Efficiency Risk Assurance in terms of scope and timing to cover the relevant risks of the bank Efficiency in terms of man days needed to provide the most relevant assurance How could Continuous Auditing support us?2
Agenda Starting point "Traditional Audit function" CA definition and objectives Challenges for implementation Defining CA activities: Key Audit Information (KAIs) and data analysis CA/ KAI examples Q&A3
Starting point "Traditional Audit function"*Process based AuditUniverseGovernanceRisk & Control Assessment(RCA)Audit NeedAudit CycleVery High12ProcessHigh24BusinessSupport4* Focus on bottom-up planningAnnual & Long-termAudit PlanMedium36Low60'17'18'19'20'21AxxxxxBxCxxxx
Continuous Auditing vision: From point in time Assurance.5
Continuous Auditing vision: to Continuous Assurance?6
CA definition: keep it simple!Continuous Auditing"is any method used by auditors to perform audit-related activities on a morecontinuous or continual basis. It is the continuum of activities ranging fromcontinuous control assessment to continuous risk assessment — all activities onthe control-risk continuum."1"Continuous Auditing is audit work on a more frequentbasis"Point in timeaudit preparation andwork programSource: IIA, Global Technology Audit Guide (GTAG ), Continuous Auditing: Implications for Assurance, Monitoring, and RiskAssessment, 200517Continuous auditpreparation andwork program
Continuous Auditing objectives to start with Closer insight/ constant overview and contact to auditees Continuous risk or audit assessment of some key audit objectives Detection of issues on an ongoing basis and in case of severe issues trigger specialinvestigations8 Improve Risk Assessments andplanned audit areas and cycles Contribute to the coverage of theaudit universe - extension of auditcycles Reduce the effort to cover theaudit universePlanned AuditsRCA/ PlanningContinuous Auditing Leverage on time series of informationand data analysis for sampling Reduce or enlarge the scope of audits infocussing on the relevant risks as well asthe depth of audit tests ("Lean Audit") Reduce the effort for a single audit
Major challenges for implementation Mindset of auditors Added value and feasibility Methodological framework Documentation Clients9
CA agile implementation concept – Implementationapproach Implementation of CA as a supporting activity for Planning and Auditing within theexisting methodological sContinuous umentation
CA agile implementation concept – Definition of CAactivities/ KAIsAudit UniverseCA activitiesAudit PlanKey Audit Information(KAIs)Audit objectivesQuantitativeQualitative KAI A relevant, risk-oriented information required to prepare and execute theassessment of a process and to fulfil the audit objectives of the work program Quantitative KAI specific continuously available indicator based on data (KRIs / KCIs /KPIs) Qualitative KAI any relevant information (e.g. meeting minutes)11
Continuous work program draft for a Markets BusinessLine (1/2)Fixed Income and Currencies: Bank wide Business processes and Front office risk management related totrading interest rate-linked products (cash and derivatives), the interface to the related functions of the process chain (line functions,support functions and control functions): i.e. Organisation, Mid Office, RiskManagement, Collateral Management, Accounting, outsourced Back Officeand IT as well as the embedded controls to ensure overall compliance withspecific regulations12
Continuous work program draft for a Markets BusinessLine (2/2)1. Framework and Organisationa) Organisational Structureb) Mission and Main Tasksc) Staff compositiond) New Product Processe) New Algo Processf) Access Rightsg) Operational Riskh) Significant IT Projects2. Business Activitiesa) Business Commentaryb) Quarterly PnL Analysis133. Controlling Processes (Draft)5. Back Officea) VaR vs P&L Backtestinga) Outstanding Confirmationsb) IPVb) EMIR Compliance:Distributionc) FVA, CVA, XVAc) EMIR Compliance: Matchingd) Liquidity4. Middle Officea) Trade Validation KPIsb) Late Trades6. Follow Upa) Internal Findingsb) External ReviewsExample Organisational Structure: AmberImpact: Monitor changes in org structure overcoming months and identify allocation ofresponsibilities
Credit Rating system - Requirements (1/4) Article 191 CRR requires "the internal audit or another comparable independent auditing unit should reviewthe rating system and its operations at least annually". Precisions by ECB:"that internal audits will perform a general annual review of all aspects of the IRB Approach in order todetermine the areas that, due to increased risk, require more thorough review during the year."RTS ON ASSSESSMENT METHODOLOGY FOR IRB APPROACH (EBA/RTS/2016/03) Further guidance by TRIM guide (currently in draft): Internal audit has to "carry out a general risk assessment of all aspects of the rating systems in order todefine the appropriate internal audit work plan. When an area shows signs of increased risk ( ), itshould be subject to a thorough new review (“deep dive”). For other areas where no significantchange has occurred the internal audit may keep its opinion unchanged." "The procedures for the general assessment and prioritisation, the annual work plan, the differentauditing techniques and guidelines, and the subsequent production of the internal audit reports areexpected to be properly documented"14UCB AG – for internal use only
Credit Rating system – Continuous work program draft nTrackingReportingApplication Annual validation cycle hasbeen complied with Tests defined by validationstandards are completelyappliedAdherence totime limitsSegmentation Validation results are traceablyinterpreted and recommendationsderived are plausibleApplication Recommendations fromprevious validations havebeen implemented Validation results have beentransparently reported to andapproved by Risk CommitteeApproval19UCB AG – for internal use only Annual rating, aging, threemonths time limit, 31-daytime limit Assignment to the correctrating procedure, industrymodel, rating duty, amountlimits Additional factors, ratingswithout documents, ratinggroups etc. Overrides, 4-eyes-principle,defaults etc.
Credit Rating system – KAI "Age restriction"* (3/4)Risk When a ratingreaches the status"Age restriction" it willbe automaticallydowngraded with theeffect that RiskWeighted Assets(RWA) increase andthus cost of equity16Indicator Monthly indicator basedon two sub-indicators:o Ratio of clients withoverdue rating updatesfor each of the ratingsystems ( 10% is ok)o Development of thisratio over timeObjective Risk and controlindicator for furtheranalyses andassessments to finetune scope andsamples of ratingaudits Continuous Risk andControl Assessment* "Age restriction" occurs when the age of a rating assessment/class and/or the age of the documentation exceeds a maximum of 15months
Credit Rating system – KAI "Age restriction"* (4/4) Additionalinformation:o Reasons for agerestriction statuso Time in agerestriction status( 3m is ok)o Credit Officeresponsible17 Assessment, ifthere is a need foraction
Q&A Thanks for your attention! Further questions?18
1 Source: IIA, Global Technology Audit Guide (GTAG ), Continuous Auditing: Implications for Assurance, Monitoring, and Risk 7 Assessment, 2005 CA definition: keep it simple! Continuous Auditing "is any method used by auditors to perform audit-related activities on a more continuous or continual basis. It is the continuum of activities ranging from
PSI AP Physics 1 Name_ Multiple Choice 1. Two&sound&sources&S 1∧&S p;Hz&and250&Hz.&Whenwe& esult&is:& (A) great&&&&&(C)&The&same&&&&&
Argilla Almond&David Arrivederci&ragazzi Malle&L. Artemis&Fowl ColferD. Ascoltail&mio&cuore Pitzorno&B. ASSASSINATION Sgardoli&G. Auschwitzero&il&numero&220545 AveyD. di&mare Salgari&E. Avventurain&Egitto Pederiali&G. Avventure&di&storie AA.&VV. Baby&sitter&blues Murail&Marie]Aude Bambini&di&farina FineAnna
The program, which was designed to push sales of Goodyear Aquatred tires, was targeted at sales associates and managers at 900 company-owned stores and service centers, which were divided into two equal groups of nearly identical performance. For every 12 tires they sold, one group received cash rewards and the other received
College"Physics" Student"Solutions"Manual" Chapter"6" " 50" " 728 rev s 728 rpm 1 min 60 s 2 rad 1 rev 76.2 rad s 1 rev 2 rad , π ω π " 6.2 CENTRIPETAL ACCELERATION 18." Verify&that ntrifuge&is&about 0.50&km/s,∧&Earth&in&its& orbit is&about p;linear&speed&of&a .
The quality audit system is mainly classified in three different categories: i Internal Audit ii. External Audits iii. Regulatory Audit . Types Of Quality Audit. In food industries all three audit system may be used to carry out 1. Product manufacturing audit 2. Plant sanitation/GMP audit 3. Product Quality audit 4. HACCP audit
theJazz&Band”∧&answer& musical&questions.&Click&on&Band .
6" syl 4" syl 12" swgl @ 45 & 5' o.c. 12" swchl 6" swl r1-1 ma-d1-6a 4" syl 4" syl 2' 2' r3-5r r4-7 r&d 14.7' 13' cw open w11-15 w16-9p ma-d1-7d 12' 2' w4-3 moonwalks abb r&d r&d r&d r&d r&d r&d ret ret r&d r&d r&d r&d r&d 12' 24' r&d ma-d1-7a ma-d1-7b ret r&d r&d r5-1 r3-2 r&d r&r(b.o.) r6-1r r3-2 m4-5 m1-1 (i-195) m1-1 (i-495) m6-2l om1-1 .
How the BPP ACCA-approved Study Text can help you pass v Studying F8 vii The exam paper x Part A Audit framework and regulation 1 Audit and other assurance engagements 3 2 Statutory audit and regulation 17 3 Corporate governance 35 4 Professional ethics 49 Part B Internal audit 5 Internal audit 75 Part C Planning and risk assessment
