Internal Audit Charter and operating standards

Transcription

1 Internal Audit Charter and perating standards

2 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw the auditing prcess perates practically, including: the preparatin and apprval f the annual Internal Audit Plan; the preparatin and apprval f Internal Audit review scpe dcuments; issue f Internal Audit reprts in draft frm and final frm, including the basis f grading audit issues and reprts; reprting and tracking f audit findings; and fllw up n implementatin f management actins t address audit findings. A separate Charter fr Llyd s China is attached as Appendix I, in accrdance with CIRC regulatry requirements fr Llyd s China. 2 internal audit charter 2.1 Missin Internal Audit s missin is t prvide reliable independent assurance t the Audit Cmmittee and Executive Team n the adequacy, effectiveness and sustainability f the system f internal cntrl. This is achieved thrugh implementatin f best practice methdlgies and leveraging expert capability. In carrying ut its activities Internal Audit aims t cntribute t building strng and effective risk awareness and cntrl cnsciusness within Llyd s; cntinuusly imprving risk management and cntrl prcesses s they perate at ptimum effectiveness and cst efficiency and reflect leading practice; and sharing best practice with regard t risk management and assurance acrss Llyd s. 2.2 Rle & Respnsibilities Internal Audit is the third line f defence in the risk gvernance structure, prviding independent and bjective assurance ver the design and effectiveness f cntrls in place t manage the key risks impacting Llyd s business perfrmance. Internal Audit has a key rle in supprting the accmplishment f Llyd s bjectives. Internal Audit is accuntable fr develping and delivering a prgramme f assurance aimed at validating the effective management f key business risks. Internal Audit is accuntable fr reprting its findings, cnclusins, and recmmendatins t the audited parties, Executive Team and Audit Cmmittee. Management is respnsible fr the effective identificatin f risk and the maintenance f adequate systems f cntrls. Internal Audit is respnsible fr ensuring that timely fllw-up n management actins ccurs. Management is respnsible fr crrective actins n reprted weaknesses. Management can request Internal Audit t perfrm audit reviews subject t these requests nt affecting Internal Audit s independence and bjectivity. The final decisin fr any changes t the Internal Audit plan rests with the Audit Cmmittee. An annual review f the adequacy f this Internal Audit Charter is als perfrmed by the Audit Cmmittee.

3 3 2.3 Independence and rights f access Internal Audit must be independent frm management at all times in rder t be effective in executing its wrk freely and bjectively, including: Internal Auditrs have n direct respnsibility r authrity ver any perating activities reviewed and shuld nt relieve thers f their respnsibilities; Internal Audit are specifically prhibited frm perfrming management activities, including: perfrming peratinal duties, including peratin f plicies and prcedures; initiating r apprving accunting transactins; and undertaking cnsulting engagements, specifically, thse engagements where the primary aim includes prcess imprvement, implementatin f systems, r advising n perating practices (e.g. benchmarking); The Head f Internal Audit has a direct reprting line t, with direct and unlimited access t, the Chair f the Audit Cmmittee and a secndary reprting line t the Chief Executive Officer. In additin, the Head f Internal Audit als reprts t the Llyd s Japan Bard fr wrk perfrmed; The Audit Cmmittee apprves Internal Audit s annual Plan and the verall budget; Internal Audit is authrised t review all areas f Llyd s and has full, free, and unrestricted access t all activities, recrds, prperty, and persnnel necessary t cmplete their wrk including crrespndence with regulatrs and Franchise Bard and Cmmittees meeting minutes; Internal Audit is authrised t allcate resurces, set frequencies, select areas, determine audit scpes and apply audit tls and techniques, and t btain the necessary assistance and specialised services within r utside Llyd s t accmplish its bjectives; Internal Audit reprts with significant findings will be reprted in full t the Audit Cmmittee; and Internal Audit has the right t be infrmed by management, n a timely basis, f any significant cntrl failures identified by management r the external auditrs. 2.4 Annual Internal Audit Planning T ensure adequate audit cverage f the Cmpany s systems and cntrls an audit universe is prepared by Internal Audit. Our annual Internal Audit Plan is derived frm the audit universe, prviding cnsideratin f rtatin f audit areas and areas f greatest risk. Our planning apprach includes interviews with each executive and key senir managers in the Crpratin. The Plan is submitted t the Executive Team fr their review prir t apprval by the Audit Cmmittee. The audit universe and annual Plan are develped independently by Internal Audit with full reference t: the Executive Team s and senir management views f the key risks facing the business; expectatins and issues raised by the regulatr; the Risk Management team t ensure all relevant risks are addressed in a plan that frms part f a value adding assurance framewrk; and Internal Audit s discussins with the external auditrs (PWC). In additin, IA will agree audit planning, audit scpes and audit reprts with the Llyd s Japan Bard fr wrk cnducted. 2.5 Scpe f wrk The primary scpe f Internal Audit s activities is the examinatin and evaluatin f the adequacy and effectiveness f Llyd s systems f risk management, internal cntrl and gvernance prcesses fr the Crpratin f Llyd s and its subsidiaries. In additin t this, Internal Audit s scpe will include review f: cmpliance with plicies; reliability and integrity f infrmatin;

4 4 means f safeguarding, verifying and accunting fr assets; and ecnmic and efficient use f resurces. 2.6 Cde f Ethics & Prfessinal Standards Internal Audit will cmply with the Internatinal Standards fr the Practice f Internal Auditing issued by the Institute f Internal Auditrs ( IIA ). Internal Audit management and staff are expected t cmply with the IIA s Cde f Ethics and demnstrate the Llyd s values. 2.7 Quality Review Prcess A thrugh and well defined quality assurance prcess exists ver deliverables prduced by Internal Audit (including wrkpapers, reprts and plans). All audit wrk is firstly reviewed by the Internal Audit Manager assigned. The wrk is then reviewed by the audit partner, and where audit reprts relate t mre cmplex r sensitive areas, they will be reviewed by a secnd audit partner, in additin, t the general quality assurance review prcess within Delitte. All wrk is then reviewed by the Head f Internal Audit. 2.8 External Audit IA liaises with External Audit (PWC) t share infrmatin and share ensure adequate cverage f risks. This shuld include: External Audit relying n the wrk perfrmed by Internal Audit t drive efficiency f apprach; and cnsideratin by Internal Audit f the cntrl weaknesses identified by external audit, bth in individual internal audit planning and annual internal audit planning. 3 internal audit perating standards 3.1 Audit scpe dcuments Cntents and timing Internal Audit drafts each scpe dcument, fllwing a planning meeting with management, utlining the review bjectives; the scpe f the review, including specific pints f fcus fr the review; and the prpsed time f cmmencement and the estimate f the days required fr cmpletin. The draft scpe dcument is agreed with management and then issued fr apprval t the Executive respnsible fr the auditable area Apprval A Llyd s Prject Spnsr, being the Directr respnsible fr the area f peratins subject t review, is appinted fr each Internal Audit. The scpe dcument is reviewed and apprved by the Prject Spnsr fr cmpleteness t identify areas f knwn cncern and/r areas that require remedial actin. The Prject Spnsr is nt allwed t restrict the scpe, but may identify areas f specific fcus that may be added t the agreed wrk prgramme. The scpe dcument als requires the apprval f the Head f Internal Audit (HIA) t authrise the allcatin f the estimated Internal Audit days fr the review. Apprval is nrmally required by bth the Prject Spnsr and the HIA befre an audit can cmmence. In urgent circumstances, verbal apprval can be given t cmmence an audit prvided it is frmally authrised within a shrt time perid thereafter.

5 5 3.2 Internal Audit annual planning prcess The annual audit planning prcess cmmences in September each year. Internal Audit meets separately with each member f Executive Team and selected senir management t discuss the inherent risk assessment and cntrl envirnment. The draft audit plan is discussed with the CEO and Directr Finance, Risk and Operatins, prir t being presented at the Executive Team fr discussin and apprval. The Internal Audit Plan is then presented at the Audit Cmmittee meeting fr discussin and apprval. 3.3 Issue f draft and final Internal Audit reprts The fllwing utlines the prcess fr the issue f Internal Audit reprts in draft frm and final frm Criteria fr ranking f audit reprts and audit issues All audit issues cntained in final reprts are assigned a pririty ranking t determine the relative imprtance f each issue. The audit issues represent residual risk (the level f risk remaining having taken int accunt bth the inherent risk and the effectiveness f cntrls t mitigate that inherent risk). Grading f reprts Reprts are assigned an verall grade f Critical, Significant, Mderate r Lw. The grading f the reprts is based n the underlying issues within each reprt. The fllwing table prvides the reprt gradings: Critical Audit reprts cntaining any critical issues will be defined as Critical, Furthermre, where a reprt cntains a number f significant issues which, taken tgether, indicate an verall critical weakness in the cntrl envirnment fr a particular prcess, the reprt will be assigned Critical. Significant Audit reprts cntaining any significant issues will be defined as Significant. Furthermre, where a reprt cntains a number f mderate issues which, taken tgether, indicate an verall significant weakness in the cntrl envirnment fr a particular prcess, the reprt will be assigned Significant. Mderate Audit reprts cntaining any mderate issues will be defined as Mderate. Lw Audit reprts cntaining nly lw issues will be defined as Lw. Grading f issues Issues identified will be graded Critical, Significant, Mderate r Lw depending n the relative imprtance f the issue. In rder t reduce the subjectivity in grading, we have prvided a set f guidelines that are used as a basis t assist in the evaluatin f the apprpriate grade attached t each issue. The table belw includes descriptins f example types f impact that an issue culd give rise t (e.g. financial lss, reputatinal damage). These are mapped t apprpriate reprt grades depending n the severity f that impact. This table is nt designed t be a prescriptive set f rules, but rather t be used as guidance. The verall evaluatin f the gradings will be assessed with due cnsideratin t the impact and likelihd f residual risk f the audit issues, having assessed the verall effectiveness and efficient f cntrls.

6 6 Table f guidelines fr grading issues IMPACT TYPE LOW MODERATE SIGNIFICANT CRITICAL Regulatry Minr breaches by individual staff members with n cnsequences; n mnetary fine and n disruptin t services. Regulatry breach with mnetary fines < 100,000 and ptential fr extra reprting requirements and /r regulatry examinatins Mnetary fine > 100,000 and disruptin t scheduled services. Lss f licence in a jurisdictin/ lss f pprtunity fr licence. Mnetary fine > 250,000 and assciated publicity, plus disruptin t scheduled services leading t lss f licence in critical jurisdictin. Reputatin Adverse cverage in lcal nn-leading financial press. N impact n security ratings, capital prviders r regulatry relatinships. Adverse cverage in leading financial press. Capital prviders, Rating Agencies r regulatrs raise issues with management. Extended negative natinal media cverage and/r adverse internatinal press cverage. Ptential dwngrading f security ratings. Extended internatinal negative media cverage and significant dwngrading f security ratings. Financial lss: Crpratin < 25,000 > 25,000 > 200,000 > 1 millin Central Fund > 250,000 > 1 millin > 10 millin > 10% f Central Fund Change Management Causes a delay in implementatin f a change prject f up t 3 mnth. Causes a delay in implementatin f a change prject f between 4 and 6 mnths that impacts the achievement f strategic gals. Serius delay f key prject by 7 t 12 mnths resulting in adverse impact t achieving strategic gals. Serius delay f key prject by 12+ mnths resulting in nn-achievement f strategic gals. Service Quality Perfrmance standards missed by 5% due t prcess prblems. Csts 5% ver budget. Perfrmance standards missed by between 5% and 20% due t prcess prblems. Csts 10% ver budget. Perfrmance standards missed by between 20% and 50%. Csts 50% ver budget. Significant lss f custmers due t perfrmance standards missed by greater than 50%; csts 50% ver budget. Likelihd Prbability f less than 10% Prbability f between 10 and 30% Prbability f between 30 and 40% Prbability greater than 40% 3.4 Reprting and tracking f audit findings Reprting f audit reprts Final Critical and Significant audit reprts, as defined abve, are reprted t the Executive Team. Critical and Significant reprts will als be advised t the Chair f the Audit Cmmittee n a timely basis and will be reprted in detail t the Audit Cmmittee. The key issues f Mderate reprts will be reprted t the Executive Team and an verview will be prvided t the Audit Cmmittee. An verview f the findings f Lw reprts will be reprted t the Executive Team and Audit Cmmittee.

7 Tracking f audit findings Internal Audit fllws up n the status f each utstanding audit issue each quarter. Each directr is asked t sign ff n the status prir t the issues being cllated by Internal Audit. Aged utstanding items are highlighted t the Executive Team and Audit Cmmittee Reprting t the Executive Team and the Audit Cmmittee n audit issue status A quarterly status reprt n the prgress f Internal Audit is prvided t the Executive Team. This status reprt includes issued audit reprts, audits in prgress, changes t plan and/r budget, and the status f implementatin f audit findings. Where critical and/r high risk issues are identified during an audit, these are reprted at the next Executive Team meeting. An verall summary, by grade, f agreed audit issues requiring management actin are included in the quarterly reprting. The reprt is then prvided t the Audit Cmmittee fr their cnsideratin.