What are the requirements of an Internal Audit function for European listed companies?
What are the requirements of an Internal Audit function for European listed companies?
The ECIIA previously conducted a review of the Corporate Governance Codes currently in place in its member bodies in order to determine the extent that internal audit is considered in the governance structure of listed companies under the typical “comply or explain” regulations.
The research revealed that approximately 90% of EU member countries require or recommend the presence of an internal audit function in listed companies as per the below summary:
- 41% of the codes consider an internal audit function mandatory.
- 48% of the codes strongly recommend the presence of an internal audit function and;
- 11 % of the codes do not have a specific requirement or recommendation about internal audit
In addition, internal audit is generally compulsory within the financial institution’s , in relation to the Basel Committee and insurance regulatory requirements. At the same time, there is little regulation provided as to how to ensure that this function is effective mainly as regards to essential requisites such as independence and scope.
The ECIIA believes the following key principles below are applicable universally to all organizations regardless of sector or industry. The governing body of an organization is responsible for strategic risk oversight. The board and audit committee (or equivalent) should be required to, among other things, define a clear delegation and accountability for risk management and internal control through the “Three Lines of Defense” model. In this model, internal audit assumes responsibility for providing overall assurance to the governing bodies, consistent with existing financial sector regulation. On this basis, internal audit should be required for most organizations. Factors that need to be considered are the complexity of the organization and the need for the governing body to obtain systematic, continuous independent assurance, rather than the size of the company.
Internal audit must be properly structured in order to achieve the objective of global assurance. i.e.
- Organizational independence
- Exclusion of limitations to its scope of review
- Full and unrestricted access to any information and person necessary to achieve its objective
- The adoption of The IIA’s International Standards for the Professional Practice of Internal Auditing (the Standards), including internal and external quality assessment reviews
- In addition, regulatory references to ‘the auditor’ should be specific as to whether they are referring to the external audit or internal auditing.
Different countries (approx 28) in Europe has enacted Internal audit through Corporate Governance codes, some of them are Finland (Finnish Corporate Governance Code 2010), France (Recommendations on Corporate Governance March 2011), Greece (Corporate Governance Codes and Principles – Greece December 2010) and so on with a motive that “ The board of directors should establish the corporate risk management policy as well as control and ensure the proper functioning of the company’s risk management and internal audit systems”.
Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.
1650 total views, 1 today