Group internal audit charter
This Charter sets out the purpose, authority and responsibility of the GIA function within TP ICAP Group plc (‘TP ICAP’)
Mission
To enhance and protect organisational value by providing risk based and objective assurance, advice, and insight.
Purpose
GIA’s objective is to assist the Board of TP ICAP, its subsidiary companies and management to accomplish its objectives and to protect the assets, reputation and sustainability of TP ICAP through the provision of an independent appraisal of the adequacy and effectiveness of governance, risk management and the internal control framework. Certain Boards, including the TP ICAP Board, have delegated responsibility for overseeing internal audit activity to an Audit Committee (‘AC’). GIA executes its primary role by:
(i) Assessing whether significant risks are identified, adequately controlled and appropriately reported.
(ii) Challenging management to improve the effectiveness of governance, risk management and internal controls.
(iii) Providing requested advice and guidance through consulting.
The Chief Internal Auditor (CIA) is responsible for managing GIA activity. GIA does not provide assurance to external parties.
Authority
GIA derives its authority from the Boards through the ACs. GIA’s primary reporting line will be to the AC. The AC will:
(i) approve decisions regarding the CIA’s remuneration, objectives, performance, independence, appointment or removal;
(ii) review and approve the GIA Charter annually; and
(iii) review and approve the GIA operating model including ensuring the sufficiency of GIA budget, headcount, skills and resources, in consultation with the CIA.
The CIA’s administrative reporting line is to the TP ICAP CEO.
GIA is authorised to have unrestricted (full and complete) and timely access to all functions (in-house or outsourced), records (either paper or electronic), property, and personnel. Special arrangements will be made to review confidential or classified information.
Independence
In order to permit GIA to carry out its work freely and objectively, GIA shall be independent of any administrative, business or other control function within TP ICAP. GIA has no responsibility or authority over any of the activities or operations that it has reviewed. GIA shall not develop or implement procedures, prepare records, or engage in activities that it would normally review. GIA does not relieve line management and second line of defence of their responsibility for effective control. GIA is alert to conflicts of interest (COIs) and manages all COIs identified to ensure its activities, objectivity and independence are not impacted.
The CIA will confirm to the AC, at least annually, the organisational independence of GIA activity. The CIA will disclose details of any impairment to GIA’s independence or objectivity to the AC and the Board. The CIA reserves the right to meet the AC “in camera”.
GIA staff (in-house and co-sourced) are obliged to:
(i) adhere to the Institute of Internal Auditors’ (‘IIA’) Code of Ethics.
(ii) manage their activities to ensure compliance with the Principles and Standards in the International Professional Practices Framework (‘IPPF’) issued by the IIA, the ‘Guidance on Effective Internal Audit in the Financial Services Sector’ (the ‘FS Code’) and other mandatory and relevant internal audit standards.
Scope & Responsibilities
All TP ICAP activities, legal entities and locations are within GIA’s scope. GIA will:
(i) Use a systematic and disciplined approach to providing independent, objective assurance and consulting activity (as defined by the IIA) designed to add value and improve TP ICAP’s operations and the effectiveness of the risk management, control and governance processes. GIA does not specifically set out to improve profitability or processes, but any such opportunities identified will be communicated to management.
(ii) Develop and deliver a flexible, risk-based Internal Audit Plan (‘the plan’) based on an independent risk assessment performed at least annually and any other concerns identified by the AC, management or other relevant stakeholders. GIA will also perform ad hoc reviews and special investigations as requested by the AC, Executive Management or as determined by the CIA.
(iii) Identify deficiencies with the adequacy and effectiveness of the control environments, and/or potential improvements to processes, agree actions with management to resolve issues and process weaknesses, and report the results to management. GIA is committed to supporting management to arrive at pragmatic remedial action plans to mitigate issues identified.
(iv) Monitor the required skills and engage external co-source expertise as necessary.
(v) Monitor the ethical culture and tone set by TP ICAP leaders.
(vi) Monitor the implementation of management action plans, and obtain appropriate evidence or confirmation that the risk identified has been mitigated (or is within risk appetite). Review decisions not to take remedial action(s), deferring risk(s) and tolerating risk exposure(s).
(vii) Assess the adequacy and effectiveness of control functions including Risk, Compliance and Finance, and coordinate with them as appropriate and on matters of risk and control.
(viii) Consider reliance, once assessed, on the work of other internal or external assurance providers to minimise duplication.
(ix) Present at, and issue reports to the appropriate governing bodies, including the AC and Board Committees. The reports, relevant to the committees, will include:
a. periodic information on the status and results of the plan and the sufficiency of the GIA resources. GIA will manage and allocate resources to ensure successful plan delivery;
b. focus on significant control weaknesses with a robust root-cause analysis;
c. thematic issues and trends identified across TP ICAP and their impact on TP ICAP’s risk profile;
d. insight and opinions on the TP ICAP risk and control culture;
e. an independent view of management’s reporting on the risk management of the organisation, including a view on management’s remediation plans highlighting areas where there are significant delays; and
f. at least annually, an assessment of the overall effectiveness of TP ICAP’s governance, and risk and control frameworks and that the risk appetite framework is being adhered to.
(x) Have an open, constructive and co-operative relationship with TP ICAP’s regulators and external auditors, sharing information relevant to their respective responsibilities.
(xi) Align its practices with the code, standards, guidance, and where appropriate industry developments, by maintaining an up to-date set of policies and procedures along with performance and effectiveness measures.
(xii) Monitor compliance against the Code of Ethics, the FS Code, standards and guidance through a robust quality assurance and improvement programme which assesses the conformance, efficiency and effectiveness of all GIA activity and identifies improvement opportunities.
(xiii) Update and present the Charter to the Audit Committee on an annual basis for review and approval.
Last Update & Approval: July 2022
EXPERT INSIGHT & ANALYSIS
Keep up to date with the latest insights and commentary from our global network of in-house experts on LinkedIn.