ECIIA - internal audit in the insurance industry
In June 2019, the European Confederation of Institutes of Internal Auditing (ECIIA) adopted a document entitled ‘Internal Audit in the Insurance industry Guidance’. The document seeks to help internal auditors interpret the high-level principle-based requirements for Internal Audit functions in Insurance undertakings set under the Solvency II framework. Where modifications are felt to be needed for the size or risk profile of insurance undertakings, this is specifically referenced in the guidance.
The document aims to enhance the overall effectiveness of internal audit, and its impact, in the European Insurance Industry. The document takes into account existing professional standards and developments in individual European Union member states as well as international bodies and different industry sectors, most notably the banking sector.
The Chartered Institute of Internal Auditors’ guidance on Effective Internal Audit in Financial Services (which has become known as ‘the FS Code’) has played an important part in raising expectations of internal audit in UK financial services organisations, and in promoting good practice. The revised text, published September 2017, included some changes, the most significant of which are:
- risk assessments and prioritisation of internal audit work
- the risk and control culture of the organisation
- to what extent it is appropriate, for internal audit, to take account of relevant work undertaken by others, and
- the Chair of the Audit Committee should be accountable for setting the objectives of the Chief Internal Auditor and appraising his/her performance at least annually.
This new guidance has been checked for consistency with the Chartered IIA’s “FS Code”. The FS Code applies to internal audit across the Financial Services Sector as a whole, whilst the new ECIIA Guidance applies specifically to all Insurance undertakings subject to the Solvency II Directive, regardless of the nature and status of the wider Group within which those activities may reside. Hence both documents are applicable to the practice of internal audit in the UK for Solvency II firms.