IIA-Australia Response to Royal Commission

Statement by the Institute of Internal Auditors-Australia Monday, 4 February, 2019

The Institute of Internal Auditors-Australia (IIA-Australia) today welcomed the wide-ranging recommendations in the final report by the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.

IIA-Australia Chief Executive Officer Mr. Peter Jones said the Royal Commission’s focus on improving culture and risk conduct is important for the internal audit profession, and the critical role they play in achieving good governance.

He said the Commission had highlighted ‘sound management of conduct risk and improving entity governance’ was critical to the performance of those entities.

Mr Jones said internal audit was a key to measuring culture and welcomed the recommendation for APRA-regulated institutions to revise their standards and guidance.

“Currently APRA Prudential Standards CPS 220 on Risk Management and CPS 510 on Governance do not reference the Standards for internal audit. This omission by APRA effectively allows people who practice internal auditing to do so without any adherence to professional standards. ASIC in their Information Sheet 221 do reference the Standards.”

Mr Jones said it’s important that culture audits are conducted following The IIA’s International Standards for the Professional Practice of Internal Auditing (‘the Standards’) which sets the minimum standards for internal auditors worldwide.

“What the Royal Commission has revealed means that It’s important for the internal audit function be organizationally independent (of management) and report directly to the Board through the chair of the audit committee and administratively report to senior management (usually the chief executive or equivalent)”.

He said stronger controls will need to be in place to ensure that the head of internal audit can objectively report directly to the chair of the audit committee without fear or favour.

Mr Jones also welcomed the recommendation that industry codes be approved by ASIC, and have enforceable provisions that a breach of the code constitutes a breach of the law.

Mr Jones agreed with Commissioner Haynes for industry codes to be enforceable as it plays an important role in setting standards of behaviour in all industries.

Mr Jones also supported the recommendation that BEAR should be extended to all APRA-regulated financial services institutions, and that APRA and ASIC should jointly administer those new provisions.

He said it was important for all senior internal auditors subject to BEAR to be properly qualified, and conform to International Professional Practices Framework (IPPF) issued by the International Internal Audit Standards Board.

Mr Jones said he looked forward to discussing review of guidance material and prudential standards with ASIC and APRA.