Group internal audit charter
This Charter sets out the purpose, authority and responsibility of the GIA function within TP ICAP Group plc (‘TP ICAP’).
To enhance and protect organisational value by providing risk-based and objective assurance, advice, and insight.
GIA’s objective is to assist the Board of TP ICAP, its subsidiary companies and management to accomplish its objectives and to protect the assets, reputation and sustainability of TP ICAP through the provision of an independent appraisal of the adequacy and effectiveness of governance, risk management and the internal control framework. Certain Boards, including the TP ICAP Board, have delegated responsibility for overseeing internal audit activity to an Audit Committee (‘AC’). GIA executes its primary role by:
(i) Assessing whether significant risks are identified, adequately controlled and appropriately reported.
(ii) Challenging management to improve the effectiveness of governance, risk management and internal control
(iii) Providing requested advice and guidance through consulting.
GIA derives its authority from the Boards through the ACs. The primary reporting line will be to the AC. The AC will:
(i) review and approve the GIA Charter annually;
(ii) approve decisions regarding the appointment and removal of the Chief Internal Auditor (‘CIA’); and
(iii) review and approve the GIA operating model including ensuring the sufficiency of GIA budget, headcount, skills and resources in consultation with the CIA.
The CIA’s administrative reporting line will be to the Group Chief Executive Officer.
GIA is authorised to have unrestricted (full and complete) and timely access to all functions (in-house or outsourced), records (either paper or electronic), property, and personnel. Special arrangements will be made to review confidential or classified information.
In order to permit GIA to carry out its work freely and objectively, GIA shall be independent of any administrative, business or other control function within TP ICAP. GIA has no direct responsibility or authority over any of the activities or operations that they have reviewed. GIA shall not develop or implement procedures, prepare records, or engage in activities that they would normally review. GIA does not relieve line management and second line of defence of their responsibility for effective control.
The CIA will confirm to the AC, at least annually, the organisational independence of GIA activity. The CIA will disclose details of any impairment to GIA’s independence or objectivity to the AC and the Board. The CIA reserves the right to meet the AC “in camera”.
GIA staff (in-house and co-sourced) are obliged to:
(i) adhere to the Institute of Internal Auditors’ (‘IIA’) Code of Ethics.
(ii) manage their activities such that they are carried out in compliance with the Internal Audit principles and standards in the International Professional Practices Framework (‘IPPF’) issued by the IIA, the ‘Guidance on Effective Internal Audit in the Financial Services Sector’ (the ‘FS Code’) and other mandatory and relevant internal audit standards.
Scope & Responsibilities
All TP ICAP activities, legal entities and locations are within GIA’s scope. GIA will:
(i) Provide independent, objective assurance and consulting activity (as defined by the IIA) designed to add value and improve TP ICAP’s operations and the effectiveness of the risk management, control and governance processes. GIA does not specifically set out to improve profitability or processes, but where such opportunities are identified these will be communicated to management.
(ii) Develop and deliver a flexible, risk-based Internal Audit Plan (‘the plan’) based on an independent risk assessment performed at least annually and any other concerns identified by the AC and management. GIA will also perform ad hoc reviews and special investigations as requested by the AC, Executive Management or as determined by the CIA.
(iii) Identify deficiencies with the adequacy and effectiveness of the control environments, and/or potential improvements to processes, agree actions with management to resolve issues and process weaknesses, and report the results of the area under review to management. GIA is committed to providing practical recommendations when appropriate.
(iv) Monitor the implementation of audit actions, and obtain appropriate evidence or confirmation that the risk identified has been mitigated (or is within risk appetite).
(v) Coordinate with other control functions, including Risk and Compliance, as appropriate and on other matters of risks and controls as deemed necessary.
(vi) Present at, and issue reports to the appropriate governing bodies, including the AC and Board Committees. The reports, relevant to the committees, will include: a. periodic information on the status and results of the plan and the sufficiency of the GIA resources. GIA will manage and allocate resources as appropriate to ensure successful delivery of the plan; b. focus on significant control weaknesses with a robust rootcause analysis; c. thematic issues and trends identified across TP ICAP and their impact on the risk profile; d. an independent view of management’s reporting on the risk management of the organisation, including a view on management’s remediation plans highlighting areas where there are significant delays; and e. at least annually, an assessment of the overall effectiveness of TP ICAP’s governance, and risk and control frameworks.
(vii) Have an open, constructive and co-operative relationship with TP ICAP’s regulators and external auditors which supports sharing of information relevant to their respective responsibilities;
(viii) Align its practices with the code, standards, guidance, and where appropriate industry developments, by maintaining an up todate set of policies and procedures along with performance and effectiveness measures.
(ix) Monitor compliance against the code, standards and guidance through a robust quality assurance programme which assesses the conformance, efficiency and effectiveness of GIA’s activity and identifies improvement opportunities.
(x) Update and present the Charter to the Audit Committee on an annual basis for review and approval.
Last Updated: July 2020
EXPERT INSIGHT & ANALYSIS
Keep up to date with the latest insights and commentary from our global network of in-house experts on LinkedIn.