Chair: Derek Jamieson - Director of Regions, Chartered IIA
Institute: Liz Sandwith - Chief Professional Practices Advisor, Chartered IIA
Chair's opening comments
Our last session focussed on leadership and the challenges facing internal audit in what is clearly now an exceptionally volatile and uncertain world.
Today, we welcome Stephen White, Interim CEO for Yorkshire Building Society. He is a senior leader with considerable experience, having previously held COO roles in AIB and NHS Direct in addition to being EGM at National Australia Bank.
Stephen is going to talk to us today about the evolving role and positioning of internal audit within Yorkshire Building Society and his developing expectations of the function and indeed the profession in the future.
Given the deteriorating situation in Ukraine and the serious challenges this is creating around the world, I also asked Stephen to touch on some of the challenges that are emerging in his part of the FS sector and the extent to which internal audit may be able to provide assurance in the coming weeks and months.
Perceptions from Stephen White on the evolving role and positioning of internal audit:
Internal audit has a key role to play in organisations. It is important to work with organisations, support organisations and help organisations be safe, resilient and efficient in what they do. It would be opportune for internal audit to pause and consider actions that it might agree with the business and whether those are efficient and effective in terms of enhancing internal control and enhancing risk management.
We, as internal audit, have a responsibility to deliver in the organisation. However, the Chief Executive Officer also has a role in supporting and encouraging internal audit across the organisation.
Chair's closing comments
Our next session is currently scheduled to focus on our recently published thought leadership report Creating a Healthy Culture – Why internal audit and Boards must take culture more seriously in a post-Covid world. There were a number of key findings in this paper that are relevant to both internal audit functions and at board level.
Given their significance, we are keen to discuss both the findings and our recommendations with this group. As usual, notes, chat comments will be placed on our web pages in the next couple of days.
We have a number of events scheduled for the coming months, including our Leaders Summit and our Internal Audit Conference. Please visit our Events page for further details.
Q: You mentioned about your CAE sitting on your ExCo. Is there a chance that they could become so ingrained in the business that they lose their independence? How do you help the CAE manage this?
A: In YBS, the CAE does not sit on the main board, so there is an element of independence there. There is a role for the CAE and also the Chief Executive to ensure that independence is not used inappropriately. There is the expectation that they will live their behaviours, so they are free to step out, challenge and offer perspective as required. It is down to individuals to create the right culture – there needs to be the right level of influence balanced with not losing independence.
Q: No-one likes to see a red report but sometimes this allows things to be fixed quicker. Conversely, sometimes the business might want a red report if they seek access to more funding for example.
A: It is really about the actions coming out of the report, not the rating, that is important.
Q: What role can internal audit play in culture, particularly around providing assurance?
A: Leaders cast long shadows and it is important that leaders emulate the culture they wish to see. People watch leaders as to what they do rather than what they say. With many starting to return to the office, and people mixing more, I’d encourage internal audit to mix with different teams in different locations to understand more.
Q: You used the word agile earlier on and it’s a term that we’ve all become more familiar with. In terms of planning, do you still have an annual internal audit plan, or do you operate something more agile?
A: Under the regulations, we have to take an annual plan to the audit committee for approval and they assess against this. The creation of the plan should take place with the business and what is the data which supports inclusion in the plan. This helps buy-in to the plan. The plan may change if something major were to arise.
We were subject to a s.166 request from the FCA recently. It was to allow the FCA to get some comfort over activities within the business. We’ve viewed it as a positive in the organisation and the assurance gained from this has supported part of the plan. Given the direction of travel of the FCA, it’s likely we’ll see more of this.