Upload
cukup-nie-sajah
View
218
Download
0
Embed Size (px)
Citation preview
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
1/13
Consulting and Risk Services
Internal AuditSurvey
Lithuanian Banking
Sector
July 2009
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
2/13
2
Table of contents
Foreword 3
Executive Summary 4
Objective o the Survey 4
Scope and Respondents o the Survey 4
Key Findings o the Survey 5
Detailed Survey Results 6
Size o Internal Audit Departments and Level o Support rom 3rd PartyProviders 6
Experience, Qualifcations, Training and Sta Retention 6
Audit Planning and Delivery 7
Main Objectives o the Internal Audit Department and the ValueIt Adds 9
Internal Audit Department Perormance 9
Tools, Proessional Standards and Methodologies 10
Communication and Reporting 11
About us 12
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
3/13
3Internal Audit Survey Lithuanian Banking Sector
Foreword
Recent years have shown an unprecedented degree
o change in the world o Internal Audit. Heads o
Internal Audit Departments and risk proessionals
have been asked to cope with major corporate
scandals and economic uncertainty and the changes
that these events have had on their organisations
and governance processes. In addition, they have
had to amiliarise themselves and provide assurance
on the ever increasing use and complexity o
technology. Organisations are also extending beyondtheir traditional barriers into close and complex
relationships with third parties. The green agenda
also continues to become more important within
organisations as stakeholders demand more assurance
on how organizations are responding to public
concerns in this area.
All o this has meant that the role and responsibilities
o the Head o an Internal Audit Department are
becoming ever more demanding and who knows
what the short term uture will bring, as the global
economy tightens and the scal and monetary
authorities take action. These actors impact Internal
Audit Departments in a variety o ways, including
the skills that need to be obtained and deployed, the
quantum o available resources we have to hand and
responding to new and emerging business risks.
This brochure provides context arising rom the recent
Deloitte Lietuva UAB survey which was conducted in
order to benchmark the perormance o Internal Audit
Departments within the Lithuanian Banking industry.
It has been a period o unprecedented change which
we do not see abating. For internal auditors and risk
proessionals, coping with such signicant change is
now business as usual.
Andrew Cross
Director In Charge o Lithuania & Baltic States
Consulting and Risk Services
Deloitte Lithuania
July 2009
Tim Mahon
Managing Partner
Deloitte Lithuania
July 2009
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
4/13
4
Executive Summary
Objective o the Survey
The goal o the Internal Audit Survey or banking
institutions is to help respondents assess and understand
the state o internal audit within their bank relative to
their Lithuanian peer group.
Internal Audit within the banking sector is a ast growing
area that is aced with an ever changing and increasing
complex regulatory and technological environment.
Financial services institutions, now more than ever,recognize the importance o perormance measurements
and benchmarks in helping them manage complex
systems and processes. Benchmarking with a peer
group can assist organizations in identiying those
practices that, when adopted and implemented, have
the potential to produce superior perormance.
By summarizing the survey data, collected in the rst
hal o 2009, we were able to determine dierences
and similarities among the practice o Internal Audit
departments o Lithuanian banks, and identiy trends.
Scope and Respondents o the Survey
The survey covered the ollowing areas:
Size o Internal Audit departments and level o
support rom 3rd party providers;
Experience, qualications and training;
Planning and perorming audits;
Audit planning and delivery;
Main objectives o the Internal Audit
Department and the value it adds;
Internal Audit Department perormance;Tools, proessional standards and
methodologies; and
Communication and reporting.
This report presents the results o the survey
in which 10 o the 11 commercial Lithuanian
banks participated. The responses to the survey
were provided by the Head o the Internal Audit
departments within the banks.
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
5/13
5Internal Audit Survey Lithuanian Banking Sector
Key Findings o the Survey
All o the surveyed Banks have an Internal Audit
Department, which on average, consists o 6 ull time
internal resources. Nearly 70% o the auditors employed
by the surveyed banks, hold proessional qualications,
with the most common being the Lithuanian Internal
Audit Certication. Less than 10% o the auditors hold
either the International Certied Internal Auditor or
Certied Inormation Systems Auditor qualications.
For 90% o the surveyed Banks the Head o the
Internal Audit Department reports directly to the Audit
Committee.
50% o the Banks surveyed have specialist IT auditors
and capabilities, with approximately 25% o total audit
department time being spent on IT related activities.
None o the Banks currently have specialist raud
auditors.
70% o the Banks use specialist 3rd party providers to
assist them, typically outsourcing up to 25% o their
annual activities.
On average, each o the Banks invests 11 days per
annum into training each o its auditors. A common
issue appears to be the lack o supply o adequate
training courses in Lithuania.
All o the Internal Audit Departments are perorming
activities to assess compliance with MiFID requirements.
The majority also perorm audit activities in respect o
Basel II and Bank o Lithuania Act 149 requirements.
However, at the current time, there appears to be
limited audit activities in the areas o Anti-MoneyLaundering and protection o personal data.
80% o the Internal Audit Departments indicate that
they have recently updated their 2009 plan to refect
new risks driven by the current economic uncertainty,
with more emphasis being placed on areas such
as credit risk and provisioning, loans and collateral
management and liquidity risk.
The majority o the Internal Audit Departments plan to
perorm an audit o their Banks governance processes
in 2009.
40% o the Internal Audit Departments ully delivered
their 2008 audit activities in accordance with plan, with
the majority o the remaining Departments delivering at
least 75% o their planned activities.
All o the Departments base their work on the Standardso the Institute o Internal Auditors. However, 60%
o the Departments, at the time o survey, had not
implemented the updated Standards that became
eective on 1 January 2009. 60% o the Internal Audit
Departments have ormally dened and documented
their Internal Audit policies, procedures and
methodologies (i.e. Internal Audit Manual).
The surveyed Internal Audit Departments indicated that
their main value drivers were:
To assist management to improve the
eectiveness and eciency o their Banks internal
controls;
To assure compliance with external regulations
and internal policies and procedures; and
To assist the Bank to increase the operational
eciency o its processes and activities.
A variety o methodologies and approaches are used
to evaluate and improve Internal Audit Department
perormance, with 70% o the Departments using
established key perormance indicators. 60% o the
Departments indicated that an independent external
quality assessment had been perormed within the
last two years. A urther 20% will perorm such anassessment within the next two years.
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
6/13
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
7/13
7Internal Audit Survey Lithuanian Banking Sector
The survey participants indicated that it currently takes,on average, 55 days to recruit a new internal audit
resource. This time period is expected to decline during
periods o economic and business uncertainty.
0 20 40 60 80 100
Figure 3. The most important actors or retaining Internal
Audit resources
90%
80%
60%
80%
50%
30%
30%
Providing proessional development
Compensation
Opportunities to rotate into other positions within the business
Challenging assignments
Recognizing and rewarding perormance
Flexible work schedules
Other
Percentage o surveyed Banks
Figure 4. Proportion o the 2008 Internal Audit
Plan delivered
40%
Delivered 100% o 2008 Internal Audit Plan
Delivered 75-99% o 2008 Internal Audit Plan
Delivered 50-74% o 2008 Internal Audit Plan
50%
10%
Audit Planning and Delivery
70% o the Banks indicate that there is a high level o
interaction between their Internal Audit Department and
their risk management and compliance unctions, with
proactive sharing o risk and control inormation. Only
1 o the 10 Banks indicated that there is no interaction
between these unctions.
In respect o successul delivery o the 2008 Internal
Audit Plan, 40% o the Banks Internal AuditDepartments ully delivered their Plan on time and 50%
o the Departments delivered at least 75% o their Plan
(See Figure 4).
On average, 25% o the Banks Internal Audit activities
related to assessing controls over IT and Inormation
Systems (See Figure 5).
0 10 20 30 40 50
Figure 5. Proportion o the actual work related to IT
activities
More than 50%
30%
50%
10%
10%
40-50%
20-39%
10-19%
Percentage o surveyed Banks
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
8/13
8
0 10 20 30 40 50
Figure 6. Proportion o the actual work related to
raud reviews
More than 50%
20%
50%
20%
10%
20-39%
10-19%
Less than 10%
On average,15% o the Banks Internal Audit activities
related to investigating potential raud and assessing
anti-raud control rameworks (See Figure 6).
Percentage o surveyed Banks
0 10 20 30 40 50 60 70 80
Figure 7. Other regulatory driven audits
Percentage o surveyed Banks
Act No. 149 on Internal Control and Risk Management issued bythe Bank o Lithuania
Basel II regulations
Law on Legal Protection o Personal Data No. X-1444
Law on Prevention o Money Laundering No. VIII-275
Act No. 125 and 148 on Internal Audit issued by the Bank oLithuania
Law on Banks No. IX-2085
Law on Financial Institutions No. IX-1068
80%
80%
20%
20%
10%
10%
10%
All o the Banks Internal Audit Plans include activities to
assess compliance and controls in respect o the Markets
in Financial Instruments Directive (MiFID).
All o the Banks also perorm other regulatory audits
(See Figure 7). Notably:
80% perorm audits in respect o Basel II
requirements and compliance with the Bank o
Lithuanias Act 149 Internal Control and Risk
Management requirements
20% perorm audits in respect o compliance
with Anti Money Laundering and Protection o
Personal Data regulations
The survey showed that the Banks are planning to
perorm an audit o their governance process and systems
in 2009 with 70% o the surveyed Banks answering
positively.
80% o the surveyed Banks indicated that they have
recently updated their 2009 Internal Audit Plan in order
to refect and address new risks driven by the current
economic uncertainty, with specic ocus being placed
on credit risk and provisioning, loans and collateral
management and liquidity risk.
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
9/13
9Internal Audit Survey Lithuanian Banking Sector
Main Objectives o the Internal Audit Department
and the Value It Adds
90% o the surveyed Banks indicated that the most
important objective o the Internal Audit Department is to
improve the Banks internal controls. The ollowing other
objectives were also highlighted as being important and
areas o ocus:
Improving the eciency o the Bank and its
processes;
Assessing compliance with external requirementsand regulations; and
Assessing compliance with internal policies and
procedures.
The main areas o Internal Audit activity that are
perceived as adding the most value to the Banks (See
Figure 8) are as ollows:
The development o risk management and control
rameworks;
The development o internal control solutions; and
Increasing the operational eciency o processes
and activities.
0 10 20 30 40 50 60 70 80
Figure 8. Internal Audit Department activities perceived as
adding the most value
70%
70%
50%
40%
70%
50%
10%
10%
40%
Development o risk management and control rameworks
Development o control solutions
Address and resolve key business risks
Ensure eective nancial reporting
Support the achievement o key business objectives
Increase the operational eciency o processes and activities
Assist the development o secure IT systems
Enhance customer service procedures
Ensure compliance
Percentage o surveyed Banks
0 10 20 30 40 50 60
Figure 9. Key methodologies and approaches used to
measure the perormance o the Internal Audit Department
10%
40%
50%
10%
40%
20%
10%
60%
30%
Length o time to perorm audit
The number o signicant control related ndings identied
Specic perormance eedback received rom Executive and Seniormanagement and auditees
Cost savings / cash fow improvements identied
Level o success in delivery o the annual Internal Audit Plan
Number o Interal Audit Department recommendations ullyimplemented
Internal or sel assessment o quality
An external quality assessment o the Department (in accordancewith IIA Standards)
Other
Percentage o surveyed Banks
Internal Audit Department Perormance
A variety o methodologies and approaches are used
by the surveyed Banks to evaluate and improve the
perormance o their Internal Audit Departments (See
Figure 9). The most popular are as ollows:
An external quality assessment o the Department
(in accordance with IIA Standards);
Specic perormance eedback received rom
Executive and Senior management and auditees;
Level o success in the delivery o the annualInternal Audit Plan; and
The number o signicant control related ndings
identied.
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
10/13
10
70% o the Banks have established key perormance
indicators or measuring and monitoring their Internal
Audit Department.
60% o the Banks surveyed indicated that an external
quality assessment o their Internal Audit Department has
been perormed within the last two years. On average,
they intend to repeat the external quality assessment
within the next 3-5 years. In respect o the remaining
40% that have not undergone an external qualityassessment:
20% expect to perorm an external quality
assessment in the near uture (1 to 2 years); and
20% are not planning or such an assessment to
be perormed.
The surveyed Banks indicate that the two key areas
or improving the perormance o their Internal Audit
departments (See Figure 10) are as ollows:
Increased ocus and attention on assessing the
adequacy o internal controls to mitigate key
business risks; and
More training and development o the skills and
knowledge o its internal auditors.
0 20 40 60 80 100
Figure 11. Use o proessional standards
60%
60%
30%
40%
80%
100%
Other
Internal methodologies or perorming Internal Audit
ITIL
ISO 27000 / ISO 17799
CobiT
IIA standards
Percentage o surveyed Banks
0 10 20 30 40 50 60 70 80
Figure 10. Areas o improvement or Internal Audit
Department
Improving communication with management
30%
20%
70%
20%
70%
30%
10%
Improvement o Internal Audit Department methodologies andprocesses
Increased ocus and attention on assessing the adequacy ointernal controls to mitigate key business risks
Recruitment o more resources
More training and development o the skills and knowledge o itsinternal auditors
Implementing IT tools
Other
Percentage o surveyed Banks
On average, the surveyed Banks are expecting to
invest up to LTL 50,000 per annum into enhancing and
developing their Internal Audit Departments.
Tools, Proessional Standards and Methodologies
50% o the surveyed Banks use Internal Audit tools and
technology such as ACL and other data interrogation
sotware, automated working papers, knowledge
databases, automated risk assessment tools and
planning tools.
All o the surveyed Banks Internal Audit Departments
base their work on the Standards o the Institute o
Internal Auditors. However, only 40% o the Banks
Internal Audit Departments have implemented the
updated Standards o the Institute o Internal Auditors,
which became eective on 1 January 2009.
The majority o the Banks with specialist IT internal
auditors use CobiT standards as the base or their IT
internal audit activities. Other proessional standards
being used include ISO and ITIL.
60% o the surveyed Banks have also developed their
own internal methodologies or perorming Internal
Audit activities (See Figure 11).
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
11/13
11Internal Audit Survey Lithuanian Banking Sector
0 20 40 60 80 100
Figure 12. Reporting
Audit Committee
Group Head o Internal Audit
Board
Chie Executive Ocer
90%
40%
30%
20%
Communication and Reporting
For 90% o the surveyed Banks, the Head o the
Internal Audit Department reports directly to the
Audit Committee. However, due to a number o the
Lithuanian Banks being part o oreign based banking
groups, a number Head o Internal Audit also report
to the Group Head o Internal Audit, Chie Executive
Ocer or Board (See Figure 12).
Percentage o surveyed Banks
The Directors o Internal Audit Department o the
surveyed Banks indicate that:
They have good communication and
inormation fow with the Banks Executive and
Senior Management, in respect o current and
emerging business issues and concerns;
They receive the appropriate level o support
rom the Banks Audit Committee, ExecutiveManagement and Senior Management.
On average, the Directors o the Internal Audit
Departments report, meet and discuss audit and
business issues with the Audit Committee and
Management Board every month. 2 o the 10 Banks
perorm these activities on a weekly basis
(See Figure 13).
0 5 10 15 20 25 30
Figure 13. Frequency o d iscussions or reporting o issues
to the Board or Audit Committee
30%
30%
20%
20%
Weekly
Monthly
Quarterly
Less, inrequently
Percentage o surveyed Banks
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
12/13
12
About us
Deloitte Lithuania is one o the leading
proessional services organisations in the
country, delivering world-class audit, tax & legal,
consulting fnancial advisory and enterprise
risk services. The practice serves many o the
countrys largest companies, public institutions
and successul, ast-growing companies
Our internationally experienced proessionals strive to
deliver seamless, consistent services wherever our clientsoperate.
Our Lithuanian practice is part o our regional rm,
Deloitte Central Europe.
Deloitte Central Europe has approximately 4,000
employees in 17 countries providing international and
local services across the borders o the region.
Our regional rm in Central Europe is a member o our
international organisation, Deloitte Touche Tohmatsu.
Deloitte delivers measurable value to our clients through
a global network o diverse proessionals who bring
unmatched depth and breadth o expertise.
With 14 years o operations in Lithuania, we are a ast
growing and dynamic rm and enjoy the distinction o
being a market leader in respect o audit and consulting
services.
Our major strength is our ability to render
comprehensive services covering all principal areas o
concern to businesses. Our services are coordinated by a
lead client service partner and are rendered by individualproessional partners and managers within the rm.
Another competitive edge o our rm stems rom the
industry and technical expertise o our local and oreign
proessionals. As a result o the regional structure o
Deloitte, we are able, as and when necessary, to draw
upon the experience o our specialists in the Central
European region and other proessionals rom our global
network.
For more inormation please contact:
Tim MahonManaging PartnerDeloitte Lithuania
Tel.: +370 5 255 3002E-mail: [email protected]
Andrew CrossDirector in Charge o Lithuania and Baltic StatesConsulting and Risk Services
Deloitte LithuaniaTel.: +370 5 255 3014E-mail: [email protected]
Gediminas MinkusProject Leader or Capital Market ServicesDeloitte LithuaniaTel.: +370 5 255 3021
E-mail: [email protected]
Dominyka SakalauskaitProject Leader or Internal Audit Services
Deloitte LithuaniaTel.: +370 5 255 3016
E-mail: [email protected]
Dainius GuysProject Leader or IT / IS ServicesDeloitte Lithuania
Tel.: +370 5 255 3018E-mail: [email protected]
Laura PuodinaitProject Leader or Consulting and Optimisation ServicesDeloitte LithuaniaTel.: +370 5 255 3013
E-mail: [email protected]
8/6/2019 Internal Audit Survey Lithuanian Banking Sector
13/13
These materials and the inormation contained herein are provided by Deloitte Lithuania and are intended to provide general
inormation on a particular subject or subjects and are not an exhaustive treatment o such subject(s).
Accordingly, the inormation in these materials is not intended to constitute accounting, tax, legal, investment, consulting, or other
proessional advice or services. The inormation is not intended to be relied upon as the sole basis or any decision which may aect
you or your business. Beore making any decision or taking any action that might aect your personal nances or business, you
should consult a qualied proessional adviser.
These materials and the inormation contained therein are provided as is, Deloitte Lithuania makes no express or implied
representations or warranties regarding these materials or the inormation contained therein. Without limiting the oregoing,
Deloitte Lithuania does not warrant that the materials or inormation contained therein will be error-ree or will meet any particular
criteria o perormance or quality. Deloitte Lithuania expressly disclaims all implied warranties, including, without limitation,
warranties o merchantability, title, tness or a particular purpose, noninringement, compatibility, security, and accuracy.
Your use o these mater ials and inormation contained therein is at your own risk, and you assume ull responsibility and risk
o loss resulting rom the use thereo. Deloitte Lithuania will not be liable or any special, ind irect, incidental, consequential, or
punitive damages or any other damages whatsoever, whether in an action o contract, statute, tort (including, without limitation,
negligence), or otherwise, relating to the use o these materials or the inormation contained therein.
I any o the oregoing is not ully enorceable or any reason, the remainder shall nonetheless continue to apply.
***
Deloitte provides audit, tax, consulting, and nancial advisory services to public and private clients spanning multiple industries.
With a globally connected network o member rms in 140 countries, Deloitte brings world-class capabilities and deep local
expertise to help clients succeed wherever they operate. Deloittes 165,000 proessionals are committed to becoming the standard
o excellence.
Deloittes proessionals are unied by a collaborative culture that osters integrity, outstanding value to markets and clients,
commitment to each other, and strength rom cultural diversity. They enjoy an environment o continuous learning, challenging
experiences, and enriching career opportunities. Deloittes proessionals are dedicated to strengthening corporate responsibility,
building public trust, and making a positive impact in their communities.
Deloitte reers to one or more o Deloitte Touche Tohmatsu, a Swiss Verein, and its network o member rms, each o which isa legally separate and independent entity. Please see www.deloitte.com/lt/about or a detailed description o the legal structure o
Deloitte Touche Tohmatsu and its member rms.
Member o Deloitte Touche Tohmatsu
2009 Deloitte Lithuania