The EBA’s consultation document on the issue (EBA/CP/2015/03) is often unclear over which internal department is best placed to provide overall assurance to the board that its policies and procedures are sound. In particular, it confuses the independent, oversight remit of internal audit with the compliance roles of risk management and control functions.
“The task of the internal audit function is not to control but to work alongside others to audit the control functions, giving assurance to the board and the supervisory bodies that the policies are both well monitored and sound,” Thijs Smit, ECIIA President says.
Control functions monitor whether the bank’s remuneration policies are in place and followed. Internal audit informs the board whether such monitoring is occurring and effective, and whether policies benchmark against industry best practice.
“It is essential for the EBA’s document to reflect the fact that internal audit is the only function for the board, which is independent of management, that can oversee all of the other functions – including how well risk management and compliance are working,” Smit says.
He says that the most effective way for banks be sure remuneration policies are working properly is for them to adopt the so-called Three Lines of Defence model of corporate governance. That provides internal audit with the independent remit it requires to perform this critical role.
Full news
Full response
© ECIIA
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article