Financial Services. Internal Audit: What's on the horizon? kpmg.co.uk

Contents

- Introduction
- Information Security
- Integrated Assurance: any gaps in the plan?
- Change portfolio: is your change portfolio fit for purpose?
- Business continuity, disaster recovery and business survival: can you cope with a crisis?
- Financial Crime (incl. Anti-Bribery and Corruption (AB&C)): are you covered?
- Capital and Liquidity Management: do you have enough to get by in a squeeze?
- Corporate Governance: how does it fit together?
- Regulatory conduct preparedness: how are your plans and progress reporting?
- Credit Risk and Impairment: how is your coverage and accuracy of systems and reporting?
- Solvency II: does the insurance industry have sufficient capital to cover its risks?
- Outsourcing and Third Party Management: are we still managing the risk effectively?

Introduction

Being nimble is a critical attribute for all Financial Services Internal Audit teams. There is an ongoing responsibility to survey the landscape to look for new, or heightened, risks and ensuring scarce resources are directed to the areas that matter most brings with it a powerful combination of factors that mean the ability to adapt is more important than ever. Economic uncertainty, the fragility of the technology on which we depend, the search for new ways of working to drive efficiency, new market and product opportunities, regulation, human behaviour and the pace of organisational change, are all contributing to the increased velocity of emerging risks that can threaten business stability.

With this in mind we have pulled together a summary of common risks impacting how Financial Services Internal Audit teams are looking at their future plans. Teams are also challenging established operating models to re-define how they provide assurance and add value to the organisations they serve. The areas being targeted include:

- Flexibility: The world is changing at a phenomenal pace. Internal audit plans must be regularly reviewed and challenged to ensure they remain relevant. If a plan looks the same as it did 12 months ago, alarm bells should be ringing.
- Effective challenge: Internal audit must be the control conscience of the organisation. The team should be clear in articulating what is needed from an assurance perspective and make sure their voice is heard, encouraging debate and securing the right resource and specialist skills.
- Refresh: Teams are taking a fresh look at their integrated governance, risk and control frameworks. Are roles clearly defined, and do activities fit seamlessly? Assurance mapping is just one example: do you have a clear picture of how all of your assurance activities are working together?
- Engage: Internal audit have a unique opportunity, and responsibility, to identify emerging risks and support the board and risk teams as part of an effective, integrated governance, risk and assurance cycle. Now is not the time to be a bystander.
- Innovate: With demands to do more for less, innovation is key. Enhanced self assessment processes or detailed control surveys are two examples. Embedding more and better use of technology is becoming the norm, ranging from data analytics to continuous audit initiatives.
- Be brave: Assurance spend must be managed efficiently just as in any other part of the business. However, when resource and budget constraints become the primary driver of assurance activity, something is wrong and concerns must be raised.

The ongoing global turbulence and sheer velocity of business change means some of the issues faced may be new and uncharted, but the responsibility is no different: Internal Audit must support the strategic and risk management teams to understand the consequences of today's and tomorrow's business operations, what might go wrong and where Internal Audit can best support business objectives.

Anthony Kennedy
Partner, UK Head of Financial Services Internal Audit

Information Security

Threats to information security are more sophisticated and emerging faster. Organisations and individuals are now being specifically targeted for attack, with motivations ranging from organised crime to political beliefs. This, combined with the pace of change and adoption of new technologies, makes all things IT an imperative.

- Data leakage: have you classified data according to its sensitivity and can you identify where all your data is and who has access to it? Think about how the business is protecting itself against data leakage incidents, monitoring to detect where they may have occurred, creating effective incident response processes and updating your approach when a new threat arises.
- New technologies: cloud computing, server virtualisation, increasing use of social media, near field communication and micro-payment systems are racing forward. Have you identified the risks and audit needs associated with a new technology, planned or recently implemented, for example: security; maintenance; vulnerability; contamination; backup/recovery?
- Understanding your specific cyber threat: internal audit must consider the specific threat; does your industry, profile, nature of operations or relationships put you at a higher risk? If the answer is yes, direct the audit plan to focus on security.
- Skills and resources: IT risks are complex and mercurial. Assurance has to be in place, delivered by teams with the right skills. Leaving black holes in the audit plan because of potential skills gaps must be avoided.

Integrated Assurance: any gaps in the plan?

Do you have a clear picture of how well assurance activities are working together? Mapping out the different sources of assurance will help you challenge the status quo. The growth of the remit of Compliance and Risk has led to a challenge of certain Internal Audit activities.

- How do the three Lines of Defence operate together?
- How do you know that there aren't significant levels of assurance duplication?
- Are you comfortable that there are no gaps in your current overall assurance coverage?
- Are stakeholders confident that risks are being managed and reported on effectively and that critical obligations are being met?

An assurance mapping exercise will provide a coordinated view of your assurance providers and introduce frameworks which promote closer working relationships, common goals, efficient coverage and consolidated reporting.

Change portfolio: is your change portfolio fit for purpose?

It is an unprecedented time of change within the financial sector. In order for a business to meet its strategy, it is therefore key that its change portfolio is set up and managed appropriately as well as the programmes and projects within it.

- How is the portfolio of change managed? Who is involved, what basis are prioritisation decisions made upon and how is progress reported to senior management?
- Are risk management principles sufficiently embedded and demonstrated?
- Is there a defined programme / project management methodology in place? How rigorously is this adhered to, and how are exceptions flagged and investigated to satisfactory resolution?
- To what extent are benefits of change projects measured and communicated to senior management?
- How is change resourced, including use of internal and external resource, and also the internal audit team reviewing change?
- What technology is used in undertaking and monitoring change projects? How user friendly is this?
- How does Internal Audit collaborate with others?

Business continuity, disaster recovery and business survival: can you cope with a crisis?

Constant change is today's norm, but are those changes reflected in existing and new business and IT service continuity arrangements? In planning audit work there is a broad range of factors to consider.

- Is your business impact analysis good enough? Does it adequately determine business critical processes and functions, their critical dependencies, partners and recovery timescales?
- Have plans been adequately tested? Have you covered all the angles: legacy infrastructure, a growing technology estate and new technologies such as Cloud?
- Are all group operations and different parts of the business fully aligned?
- Has crisis management been tested to restrict reputational damage?
- Has the business identified and worked with its critical partners? Ask suppliers for evidence of their testing plans.
- When looking at business continuity, consider more extreme disruptions; for example rioting, regime change, and extreme natural disasters.
- Is an industry recognised approach being followed to business continuity management (e.g., BS25999)?
- Skills and resources: IT risks are complex and mercurial. Assurance has to be in place, delivered by teams with the right skills. Leaving black holes in the audit plan because of potential skills gaps must be avoided.

Financial Crime (inc. Anti-Bribery and Corruption (AB&C)): are you covered?

Firms continue to invest in improving their antifraud controls, including incorporating AB&C controls, to meet requirements of the UK Bribery Act 2010, effective from 1 July 2011, yet the level of internal and external fraud is still rising.

- Has the business mapped the fraud threat landscape against a changing controls environment? Has the exercise been reviewed to incorporate AB&C requirements? Is the business aware or in denial of the risk?
- Is there a fraud risk management strategy?
- Have you reviewed the existence and adequacy of fraud policy, staff training and awareness, and the fraud reporting structure?
- Do you include fraud risks in all audits and pull together a fraud risk picture as part of progress/annual reporting?
- Has restructuring of areas such as finance exposed controls to weakness or breach? Are fraud related roles clear?
- How robust and embedded is the programme in place to manage AB&C risks?
- Do contractual clauses with third parties and suppliers contain the appropriate AB&C clauses?
- How confident are you that your Anti Money Laundering (AML) controls are aligned to regulatory requirements and operating effectively, including AML reporting?

Capital and Liquidity Management: do you have enough to get by in a squeeze?

The unprecedented events of the global financial crisis have led to worldwide tightening of credit lines and an increasing level of information demanded by regulators. There is a general drive towards understanding exposures and calculating associated liquidity and capital needs.

- How robust is the link between credit risk and capital requirements?
- Are you compliant with Basel II? What is the current role of Internal Audit in the ICAAP process?
- Are ratings and capital calculation models fit for purpose?
- How prepared are you for Basel III implementation and the requirements of the Independent Commission on Banking?
- Is your stress testing aligned with your peer group?
- How robust is your Individual Liquidity Adequacy Assessment (ILAA) reporting?
- How advanced/effective is your Recovery and Resolution Planning? What is the role of Internal Audit in this process?

Corporate Governance: how does it fit together?

Turner, Walker, the FRC and the Independent Commission on Banking: several independent bodies, all highlighting weaknesses in Corporate Governance. In the light of the worst global recession for almost 100 years, governments, regulators and the public alike are asking "where did it all go wrong?"

- What is the composition and skills of the Board? Is this evaluated annually?
- Are independence issues fully investigated and appropriately disclosed?
- Is succession planning effective?
- How are NEDs inducted? What knowledge and skills are they equipped with? How are they remunerated? Is there clear evidence of challenge?
- How does the Board Committee structure (including Sub-Committees) work?
- Is there transparency in reporting lines, responsibility and accountability? Is this effective and up to date?
- How are strategic goals defined, resources allocated and expectations managed?
- How effective are Risk Management and Internal Control processes?
- Are you aligned to the FSA Remuneration Code?

Regulatory conduct preparedness: how are your plans and progress reporting?

The global regulatory regime is experiencing unprecedented change, none more so than in the UK. Against this backdrop the Financial Conduct Authority is being established (2013) and a series of policies are being released which firms will be required to comply with.

- Are you familiar with timetables of AIFMD, UCITS IV, Retail Distribution Review, FATCA, MiFID, MMR and Client Assets?
- Are you ready to assist a more intrusive regulator with their enquiries? Is your MI accurate, timely and complete?
- What independent assurance are Internal Audit providing regarding the preparedness of your organisation to meet these new requirements?
- What is the extent of your role? Are you consulted as plans progress? Is your progress reporting timely and correctly focused?
- Is your existing Internal Audit coverage of conduct issues sufficient, covering sales, customer targeting, TCF, the effectiveness of the Compliance function, etc.?

Credit Risk and Impairment: how is your coverage and accuracy of systems and reporting?

From a micro level (the ability of individuals to repay loans) to a macro level (the threats to sovereign debt within the EU), the area of credit risk is increasingly becoming a key driver in business strategy, exacerbated by the direct link to capital requirements under Basel III and Solvency II.

- What does credit risk mean to your organisation? Does this cover retail, commercial and wholesale risks?
- What MI and training is provided to senior management in this area?
- What kind of measures are used to capture and monitor wholesale counterparty risk, does this include primary and market sensitive indicators, and are all deposits and derivatives of subsidiaries covered? How timely is this measurement?
- Are the Board aware of the scale of forbearance activities and possible impact on arrears and provision balances?
- How involved are Internal Audit in reviewing impairment processes?
- Can management be confident in the accuracy of arrears and impairment data? Are models fit for purpose?

Solvency II: does the insurance industry have sufficient capital to cover its risks?

The goal of Solvency II is to create a risk-based Solvency regime for the insurance industry, consistently applied throughout Europe. The first wave of implementation is scheduled for 1 Jan

- Is Internal Audit geared to fulfil its role in the drive for implementation and embedding?
- What is the nature of Internal Audit involvement in Pillar I calculations: data integrity, capital model reviews, stress and reverse stress testing, etc?
- How robust is the change programme to support Solvency II activity: are systems and governance structures embedded and fit for purpose?
- Is Internal Audit independently assessing Pillar II processes, including how the organisation has calculated its Own Risk and Solvency Assessment (ORSA), particularly challenging the completeness of risks faced and compliance, on a continuous basis, with capital requirements and technical provisions?
- Are Pillar III disclosures consistent (private and public reporting), timely, complete and analysis undertaken to align with wider financial reporting?

Outsourcing and Third Party Management: are we still managing the risk effectively?

The increasing globalisation of business has led to a significant volume of outsourcing and use of third parties, typically including off-shoring of support functions.

- Is there adequate understanding of the risks of outsourcing and offshoring?
- Have these circumstances been factored into the work of assurance providers, including the Internal Audit plan? Are you brave enough to de-scope immaterial areas?
- How do you assess third parties' risk management and regulatory compliance systems and controls? Role for ISAE3402/3000?
- Do we know which third parties we are doing business with? Have we run all required background checks and investigated results to satisfactory resolution?
- Are suitable contracts in place?
- Are we compliant with SYSC 8 requirements, and can we clearly demonstrate this ongoing compliance, including reporting to Executive Management?
- What is the strategy for third parties? Are there clear lines of accountability and responsibility when dealing with third parties?
- How effectively are controls operated across Procurement, Finance, Risk, HR and the Operations?
- If you are an outsourcer, how do you manage client reviews?

If you have any questions, please feel free to contact any of the below:

- Anthony Kennedy, Partner, UK Head of Financial Services Internal Audit
- Richard Gabbertas, Partner, FS Internal Audit, Head of Regions
- David Fineberg, Director, Internal Audit, Banking
- Katie Clinton, Director, Internal Audit, Insurance
- Amir Sethu, Director, Internal Audit, Insurance
- Richard Scott-Hopkins, Director, Internal Audit, Investment Management

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Printed in the United Kingdom. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International.

RR Donnelley | RRD | March 2012 | Printed on recycled material.
Solvency II benchmarking survey
INSURaNce Solvency II benchmarking survey Life Insurers November 2011 kpmg.co.uk/solvencyii 2 SoLveNcy II benchmarking SURvey - LIfe INSUReRS SoLveNcy II benchmarking SURvey - LIfe INSUReRS 3 Contents
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationUnder control 2015 Hot topics for IT internal audit in financial services. An Internal Audit viewpoint
Under control 2015 Hot topics for IT internal audit in financial services An Internal Audit viewpoint Introduction Welcome to our fourth annual review of the IT hot topics for IT internal audit in financial
More informationCapital Requirements Directive Pillar 3 Disclosure. December 2015
Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay
More informationCapital Market Services UK Limited Pillar 3 Disclosure
February 2013 Capital Market Services UK Limited Pillar 3 Disclosure Contents 1.0 Overview 2.0 Frequency and location of disclosure 3.0 Verification 4.0 Scope of application 5.1 Risk Management objectives
More informationPublic reporting in a Solvency II environment
Public in a Survey report August 014 kpmg.co.uk 0 PUBLIC REPORTING IN A SOLVENCY ENVIRONMENT Contents Page 1 4 5 Introduction Executive Summary Public Disclosures 4 Changes to Financial Framework 11 KPMG
More informationNavigate the regulatory maze
www.pwc.com.cy Navigate the regulatory maze Delivering Regulatory Compliance services to the Financial Services industry September 2014 As at July 2014 there were more than 40 licensed banking institutions
More informationTAX MANAGEMENT CONSULTING. How can you be more efficient at managing tax?
TAX MANAGEMENT CONSULTING How can you be more efficient at managing tax? NEW HEAD OF TAX/CFO TAX TRANSPARENCY Business Case Dispute Resolution Finance Transformation Authority Interaction Compliance Delivery
More informationThe Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment
East Thames Group The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment 1 Context 1.1 Under the Regulatory Framework,
More informationGUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012
GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental
More informationLondon Business Interruption Association Technology new risks and opportunities for the Insurance industry
London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationCyber Security Evolved
Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationChief Risk Officer s report
Strategic report Governance Financial statements Chief Risk Officer s report Throughout 2014, OneSavings Bank has taken an active approach to risk management and has continued to build on a best-in-class
More informationAudit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee
Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have
More informationEBA Guidelines on Internal Governance
EBA Guidelines on Internal Governance Bernd Rummel Policy Expert Regulation, EBA 15 April 2013 Malta 2013 EBA European Banking Authority Contents Guidelines on Internal Governance (GL44) > The Single Rulebook
More informationClose Brothers Group plc
Close Brothers Group plc Pillar 3 disclosures for the year ended 31 July 2008 Close Brothers Group plc Pillar 3 disclosures for the year ended 31 July 2008 Contents 1. Overview 2. Risk management objectives
More informationKeeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit
Keeping sight of your business Hot topics facing Financial Services organisations in IT Internal Audit 2014 Welcome to our third annual review of the IT hot topics facing Internal Audit functions within
More informationIIA South West Event. A look at key supply chain risks and why contracting is a key step 14 January 2015
IIA South West Event A look at key supply chain risks and why contracting is a key step 14 January 2015 Objectives and agenda Page The contact at KPMG with respect to this presentation is: Iain Prince
More informationPreparing to become a Hedge Fund/Open-ended Fund AIFM. May 2013. March2013. Preparing to become an AIFM 1
Preparing to become a Hedge Fund/Open-ended Fund AIFM May 2013 March2013 Preparing to become an AIFM 1 Complying with AIFMD We are pleased that the text of the implementing measures has been published.
More informationForensic Services. kpmg.hu
Forensic Services kpmg.hu We help you curb your losses. Our forensic team provides services designed to assist you in matters of a commercial or financial nature that may result in a legal or regulatory
More informationInternal Audit Landscape 2014
Internal Audit Landscape 2014 Agenda Examining the evolution of risk in today s digital world and the impact on traditional audit, security, risk, and compliance functions Emerging internal audit methodologies
More informationMastering Finance Business Partnering. The missing pillar in building Finance leadership February 2011. kpmg.co.uk
Mastering Finance Business Partnering The missing pillar in building Finance leadership February 2011 kpmg.co.uk ii Section or Brochure name Contents Introduction 1 The Role of Finance Business Partners
More informationBanking and Financial Services Internal Audit Group
Banking and Financial Services Internal Audit Group Hot topics for 2014 Audit Planning Lunch Time Seminar Alana Thorne, Director althorne@deloitte.co.uk +44 20 7007 8479 Chit Ghee Yeoh, Associate Director
More informationYear 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction
Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction The purpose of this paper is to help financial institutions, in particular their senior management, address business
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationDirect Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference
Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference Chair An Independent Non-Executive Director In the absence of the Committee Chairman and an appointed
More informationInstitute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander
Institute of Internal Auditors Cyber Security Birmingham Event 15 th May 2014 Jason Alexander Introduction Boards growing concern with Cyber Risk Cyber risk is not new, but incidents have increased in
More informationEnsuring Optimal Governance and Relationship Management Between Parties
Ensuring Optimal Governance and Relationship Management Between Parties 16 th October 2012 Noel Cullen Head of Sourcing, Financial Services Who KPMG Financial Services sourcing are The FS sourcing team
More informationRISK MANAGEMENt AND INtERNAL CONtROL
RISK MANAGEMENt AND INtERNAL CONtROL Overview 02-09 Internal control the Board meets regularly throughout the year and has adopted a schedule of matters which are required to be brought to it for decision.
More informationGUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS
GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute
More informationAudit Committee Institute Assessment of audit committees
Audit Committee Institute Assessment of audit committees KPMG s AUDIT COMMITTEE INSTITUTE In addition to reviewing its terms of reference, audit committee members should also review the effectiveness of
More informationBusiness continuity management policy
Business continuity management policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSADPN001b S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review
More informationTechnology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
More informationshareplc: Pillar 3 Disclosures CONTENTS Oxford House Oxford Road Aylesbury Buckinghamshire HP21 8SZ phone 01296 41 41 41 visit www.shareplc.
Pillar 3 Disclosures 3 March 2015 Based on Financial Data as at 31 December 2014 CONTENTS 1.0 Introduction 3 2.0 Risk Appetite 5 3.0 Risk management objectives and processes 6 4.0 Risk categories and exposures
More informationThird party assurance services
TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent
More informationRISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)
RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012) Integrated Risk Management Framework The Group s Integrated Risk Management Framework (IRMF) sets the fundamental elements to manage
More informationThe value of assurance in managing risks Insurance Internal Audit 2016. Governance, risk & assurance Internal audit PRECISE. PROVEN. PERFORMANCE.
The value of assurance in managing risks Insurance Internal Audit 2016 Governance, risk & assurance Internal audit PRECISE. PROVEN. PERFORMANCE. The value of assurance in managing risks Insurance Internal
More informationAsset management. Strategic use of technology and outsourcing to address cost pressures and enhance market position
Financial institutions Energy Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare Asset management Strategic use of technology and outsourcing to address
More informationGuideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016
Guideline Subject: Category: Sound Business and Financial Practices No: E-21 Date: June 2016 1. Purpose and Scope of the Guideline This Guideline sets out OSFI s expectations for the management of operational
More informationSolvency II model assurance. 12 April 2012
Solvency II model assurance Zdeněk Roubal, Manager 12 April 2012 Solvency II assurance Organizations might want or even need to obtain assurance that their design and Solvency II implementation is on track.
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationRisk Management Programme Guidelines
Risk Management Programme Guidelines Submissions are invited on these draft Reserve Bank risk management programme guidelines for non-bank deposit takers. Submissions should be made by 29 June 2009 and
More informationUniversity of Edinburgh Risk Policy and Risk Appetite
University of Edinburgh Risk Policy and Risk Appetite 1. Pushing the boundaries of knowledge, innovating, and implementing strategic developments will always have risks. Effective risk management increases
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationPILLAR 3 DISCLOSURES 2009
PILLAR 3 DISCLOSURES 2009 Company Registration Number: C 16343 Contents Page Introduction............................................................... 3 Risk Management Objectives and Policies.................................
More informationData Centre Managed Services Market
Data Centre Managed Services Market Martin Molloy 20/03/2012 Macro Challenges Recession User growth and diversity The world of collaboration Clouds on the horizon Cloud market - 48% compound annual growth
The Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
the role of the head of internal audit in public service organisations 2010
the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public
OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT
OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction Steps to developing an
Decision on recovery plans of credit institutions. Subject matter Article 1
Pursuant to Article 101, paragraph (2), item (8) and Article 154, paragraph (2) of the Credit Institutions Act (Official Gazette 159/2013) and Article 43, paragraph (2), item (9) of the Act on the Croatian
CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY
CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security management becomes
External Supplier Control Requirements
External Supplier Control Requirements Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
Achieve. Performance objectives
Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.
Internal Audit - progress report 2015-16 and 2016-17 plan
Audit Committee, 16 March 2016 Internal Audit - progress report 2015-16 and 2016-17 plan Executive summary and recommendations Introduction Grant Thornton have prepared the attached report which sets out
Twin-peaks regulation: key changes and challenges
Financial services Twin-peaks regulation: key changes and challenges November 2012 kpmg.co.uk/fs Twin peaks: the new landscape On 15 and 16 October 2012, the FSA released publications outlining the approach
Jupiter Asset Management Ltd Pillar 3 Disclosures as at 31 December 2014
Jupiter Asset Management Ltd Pillar 3 Disclosures CONTENTS Overview 2 Risk management framework 3 Own funds 7 Capital requirements 8 Credit risk 9 Interest rate risk in non-trading book 11 Non-trading
Solihull Clinical Commissioning Group
Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience
From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca
From ICAAP/ORSA to ERM: Board and Senior Management Oversight Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca Agenda Basel II ICAAP Solvency II ORSA ERM From ICAAP/ORSA to ERM: Governance
CYBER RISKS: RISK MANAGEMENT STRATEGIES
CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial
MiFID II/MiFIR. Implications for Fund Managers. May 2014. 2014 Deloitte LLP. All rights reserved.
MiFID II/MiFIR Implications for Fund Managers May 2014 Webinar participants Manmeet Rana Senior Manager Audit Deloitte UK mrana@deloitte.co.uk +44 20 7303 8624 Manmeet Rana is a Senior Manager within Deloitte
Corporate governance statement
Corporate governance statement Compliance with the UK Corporate Governance Code In the period to 30 March 2013, as detailed below and in the risk and risk management report and the remuneration report
1. Introduction. 2. Process for determining the solvency need. 3. Definitions of main risk types
Contents 1. Introduction 2. Process for determining the solvency need 2.1 The basis for capital management 2.2 Risk identification 2.3 Danske Bank's internal assessment of its solvency
Relationship Manager (Banking) Assessment Plan
Relationship Manager (Banking) Assessment Plan ST0184/AP03 1. Introduction and Overview The Relationship Manager (Banking) is an apprenticeship that takes 3-4 years to complete and is at a Level 6. It
INTERNAL CAPITAL ADEQUACY ASSESSMENT
INTERNAL CAPITAL ADEQUACY ASSESSMENT 30 June 2011 Contents 1. Introduction 2. Process for determining the solvency need 2.1. The basis for capital management 2.2. Risk identification
FCA Thematic Review Delegated Authority: Outsourcing in the General Insurance Market
FCA Restricted IAC Forum FCA Thematic Review Delegated Authority: Outsourcing in the General Insurance Market Lloyd s Old Library 25 September 2015 FCA Restricted Delegated authority: Outsourcing in the
BOARD OF GOVERNORS FEDERAL RESERVE SYSTEM
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D.C. 20551 DIVISION OF BANKING SUPERVISION AND REGULATION DIVISION OF CONSUMER AND COMMUNITY AFFAIRS SR 12-17 CA 12-14 December 17, 2012 TO
AIFM DIRECTIVE: ESMA CONSULTATION PAPER
AIFM DIRECTIVE: ESMA CONSULTATION PAPER On 13th July ESMA published its consultation on the implementation measures for the Alternative Investment Fund Managers Directive (AIFMD). The AIFM Directive aims
Cyber security: Are consumer companies up to the challenge?
Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com
Nine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION WHY SHOULD I BOTHER? AREN'T FIREWALLS AND ANTI-VIRUS ENOUGH?
Cyber Security - What Would a Breach Really Mean for your Business?
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
Audit Quality Thematic Review
Thematic Review Professional discipline Financial Reporting Council January 2014 Audit Quality Thematic Review Fraud risks and laws and regulations The FRC is responsible for promoting high quality corporate
Risk Management & Business Continuity Manual 2011-2014
ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk and Business Continuity Team February 2011 April 2011 Draft V.10
Brevan Howard Asset Management LLP Pillar 3 Disclosures. Brevan Howard (2014). All Rights Reserved.
Brevan Howard Asset Management LLP Brevan Howard (2014). All Rights Reserved. Regulatory Context The following disclosures are provided pursuant to the Pillar 3 disclosure rules as laid out by the Financial
Planning ahead Hot topics facing Financial Services organisations in IT Internal Audit
Planning ahead Hot topics facing Financial Services organisations in IT Internal Audit 2013 During Q4 2012, we surveyed Heads of IT Internal Audit at 22 global Financial Services organisations to identify
Solvency II Detailed guidance notes
Solvency II Detailed guidance notes March 2010 Section 1 - System of governance Section 1: System of Governance Overview This section outlines the Solvency II requirements for an effective system of governance,
Lot 1 Service Specification MANAGED SECURITY SERVICES
Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services
Transforming risk management into a competitive advantage kpmg.com
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com Assessing risk. Building value.
Risk Management Framework
Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:
Implementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com
Implementing and monitoring effective compliance policies & procedures charlesrussellspeechlys.com Robert Bond Partner Robert Bond has over 36 years' experience in advising national and international clients
Recognised Investment Exchanges. Chapter 2. Recognition requirements
Recognised Investment Exchanges Chapter Recognition REC : Recognition Section.3 : Financial resources.3 Financial resources.3.1 UK Schedule to the Recognition Requirements Regulations, Paragraph 1 (1)
Solvency II: an overview. Lloyd's July 2010
Solvency II: an overview Lloyd's July 2010 Contents Solvency II: key features Legislative process Solvency II implementation Conclusions Solvency II: key features Solvency II the basics Introduces
Bank of America NA Dublin Branch Market Discipline. Basel II - Disclosures
Bank of America NA Dublin Branch Market Discipline Basel II - Disclosures Disclosure 1 - Scope of application The Basel II disclosures contained herein relate to Bank of America, NA Dublin Branch herein
Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013
Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents
SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS
SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4th May 2004 REVISED: 27th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank
Julian Hodge Bank Limited. Pillar 3 disclosures as at 31 October 2012
as at 31 October 2012 Approved by the Board on 26 March 2013 Contents 1 2 3 4 5 6 7 8 9 Introduction Scope Risk management objectives and policies Capital resources Capital adequacy Credit risk Interest
GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK
SUPERVISORY AND REGULATORY GUIDELINES: PU-0412 Operational Risk 25th November, 2013 GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK 1. INTRODUCTION 1.1. The Central Bank of The Bahamas (the Central
ICAAP Required Capital Assessment, Quantification & Allocation. Anand Borawake, VP, Risk Management, TD Bank anand.borawake@td.com
ICAAP Required Capital Assessment, Quantification & Allocation Anand Borawake, VP, Risk Management, TD Bank anand.borawake@td.com Table of Contents Key Takeaways - Value Add from the ICAAP The 3 Pillars
ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014
ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 Dear Chairperson, I would like to thank you for the opportunity to provide management
System of Governance
CEIOPS-DOC-29/09 CEIOPS Advice for Level 2 Implementing Measures on Solvency II: System of Governance (former Consultation Paper 33) October 2009 CEIOPS e.v. Westhafenplatz 1-60327 Frankfurt Germany Tel.
treasury risk management
Governance, Risk and Compliance Concise guide to treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners
Capital Requirements Directive Pillar 3 Disclosure. Western Asset Management Company Limited December 2008
Capital Requirements Directive Pillar 3 Disclosure Western Asset Management Company Limited December 2008 Background Under the 2006 Capital Requirements Directive (CRD), a revised regulatory framework
Fraud and the Government Internal Auditor
Fraud and the Government Internal Auditor January 2012 Official versions of this document are printed on 100% recycled paper. When you have finished
Cyber Security: preventing and mitigating incidents. Alexander Brown Robert Allen
Cyber Security: preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or
Corporate Governance Report
Corporate Governance Report Chairman's introduction From 1 January 2015 until 31 December 2015, the company applied the 2014 edition of the UK Corporate Governance Code (the Code). 1. BOARD COMPOSITION
Compliance. Group Standard
Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public
Terms of Reference - Board Risk Committee
Terms of Reference - Board Risk Committee The Board Risk Committee is authorised by the Board to oversee the Group's risk management arrangements. It ensures that the overarching risk appetite is appropriate
www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future
www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence
Successful Business Model Transformation in the Financial Services Industry. KPMG's Evolving World of Risk Management SECTORS AND THEMES
SECTORS AND THEMES Successful Business Model Transformation in the Financial Services Industry KPMG's Evolving World of Risk Management