Internal Audit of the Estonian Financial Supervisory Authority (EFSA)

1
Internal Audit of the Estonian Financial
Supervisory Authority (EFSA)

• Raivo Linnas
• Internal Auditor
• Tallinn, Estonia June 29, 2004

2
Curriculum Vitae - I

• From 01/2002 Internal Auditor of the EFSA.
• 10/1998 01/2002 Head of Performance Audit
  Department, Deputy Auditor General, The State
  Audit Office.

3
Curriculum Vitae - II

• 08/1994 07/1998 Chairman, Director General,
  and Member of Management Board in 2 Insurance
  Companies
• 09/1993 05/1994 Vice Chairman, Member of
  Board of the Eesti Sotsiaalpank.

4
Curriculum Vitae - III

• From 04/2004 Affiliate Member of the IIA of UK
  and Ireland.
• From 1985 - Dipl. Eng.
• Former Lecturer of the Estonian Business School.

5
About the EFSA - I

• Established on 01.01.2002
• An agency created by the Riigikogu
• With autonomous competence and a separate budget
  and management
• Independent in the conduct of financial
  supervision
• United Financial Supervision Authority
• The Financial Supervision Authority Act.

6
About the EFSA - II

• About 65 Employees
• The Council (6 members, including Ministry of
  Finance, GBoE)
• The Management Board (5 members)
• 8 Departments, IA, IS, PR.
• About 70 Entities to be Supervised, incl Issuers.
• Budget of 2004 circa 2.7 million EUR.

7
Place of Internal Audit Unit in the EFSA

• Directly accountable to the Management Board.
• No statutory links with Supervisory Council.
• No Audit Committee.

8
Legal Framework

• FSA 18.3.9
• IA Reglement (Charter)
• Job Description of IA
• Code of Ethics of IA
• Contract of Employment of IA.
• Fixed-term Contract for 22 years.

9
Mission

• To help Management Board
• achieve goals and objectives in best way with
  most reasonable consumption of resources.

10
Goals and Objectives

• To add value and develop the EFSAs
• Management and Organizational Culture and
• Control Environment.
• To evaluate and improve the effectiveness of risk
  management, control and governance processes.

11
Tasks and Responsibilities of IA

• Internal Audit Function
• Handling of Conflict of Interests Issues
• Risk Management Function (secondary)
• Promote Quality Management
• Promote Appropriate Ethics and Values within the
  EFSA.

12
Rights of IA - I

• To be Independent in Planning, Scoping and
  Performing Audits and Investigations
• Immidiate Direct Access to CMB and MB in Corpore
• Access to all Files, Accounts, Processes,
  Property and Data.

13
Rights of IA - II

• Interview all Staff, incl Members of Management
  Board (MMB)
• Interview all Contractors and Representatives of
  Entities Under Supervision
• Take Part in meetings of MB and other relevant
  meetings

14
Rights of IA - III

• Reject all tasks in case of risk of incompetence,
  conflict of interests or unobjectivity
• Contract Independent External Expert(s)
• Involve Personnel of EFSA in Audits and
  Investigations
• Continuing development of knowledge, skills, and
  other competencies.

15
Scope

• All Fields of Activity of the EFSA
• All functions and projects
• All systems and processes
• Entire Staff, incl MMB
• All Structural Units.

16
Approach

• Risk Based.
• Implementing The IIA Internal Audit Standards as
  well as possible.
• No full compliance with the IIA IAS as of today.

17
Planning

• Strategic Plan (3-5 years)
• Quarterly Plan (Time-Resource Based)
• Plan of Particular Audit.
• SP and QP to be Confirmed by MB.
• PPA to be Consulted with Chairman.

18
Reporting

• The Case Report of Audit Results to the CMB
  and/or MB.
• Quarterly Report to the MB.
• Annual Report of Activity to the MB.
• Annual Report of Self-Assessment to the CMB.

19
Content of QR - I

• I Report of Most Important Activities (Execution
  vs Plans).
• II Observations of Most Important Risks.
• III Report of All Activities by Areas of
  Responsibility. (Execution vs Plans).

20
II Observations of Most Important Risks - I

• Risks of Communication and Disclosure
• Financial Risks
• Risks of Planning and Budgeting
• Risks of Unachivement of Goals and Objectives
• Risks of Image

21
II Observations of Most Important Risks - II

• Risks of Supervision
• Risks of Handling Confidential Information
• Observations on Risk Management
• Observations on Control Environment
• Observations on Corporate Governance
• Observations on Conflict of Interests Issues
• Observations on Fraud and Misusement
• Varie.

22
Assessment

• Self-Assessment of Each Particular Audit.
• Annual Self-Assessment.
• Annual Internal Assessment.
• Annual Appraisal.
• External Assessment (At once in 3 years).

23
Audit Process

• 5 Stages and 12 Steps
• Planning (4 Steps)
• Conducting (1 Step)
• Drafting Results (3 Steps)
• Disclosure (1 Step)
• Assessment (2 Steps)
• Follow-up (1 Step).

24
Risks of Particular Model

• Risk of Discontinuity
• Risk of Incompetence
• Risk of Independence
• Risk of Divisibility
• Risk of Shortage of Ideas.
• No Time for Deeper and Longer Engagements.

25
Strengths

• Clear Responsibility.
• Efficiency of Ressource Consumption.
• No Opposition with MB.

26
Audit failing

• Standardized and Formalized
• Traditional
• Digital.

27
Thank you very much for your attention!