Group internal audit charter

This Charter sets out the purpose, authority and responsibility of Group Internal Audit (GIA) within TP ICAP Group plc (‘TP ICAP’). 

Mission

To enhance and protect organisational value by providing risk-based and objective assurance, advice, and insight.

Purpose

GIA’s purpose is to protect and add value to TP ICAP’s stakeholders by providing high-quality assurance, impactful analysis, and valuable insights to drive continuous improvement, innovation and efficiencies, supporting the firm's long-term success. GIA pursues this purpose to assist the Board of TP ICAP, its subsidiary companies and management to accomplish its objectives through the provision of an independent appraisal of the adequacy and effectiveness of governance, risk management and the internal control framework. Certain Boards, including the TP ICAP Board, have delegated responsibility for overseeing internal audit activity to an Audit Committee (‘AC’). GIA executes its primary role by:

i.  Assessing whether significant risks are identified, adequately controlled and appropriately reported.

ii. Challenging management to improve the effectiveness of governance, risk management and internal controls. 

iii. Providing requested advice and guidance through consulting.

 

Authority

GIA derives its authority from the Boards through the AC. GIA’s primary reporting line will be to the AC. The AC will:

 

i. approve decisions regarding the CIA’s remuneration, objectives, performance, independence, appointment or removal;

ii.    review and approve the GIA Charter annually; and

iii.   review and approve the GIA operating model, including ensuring the sufficiency of GIA budget, headcount, skills and resources, in consultation with the CIA.

The CIA’s administrative reporting line is to the TP ICAP CEO. 

GIA is authorised to have unrestricted (full and complete) and timely access to all functions (in-house or outsourced), records (either paper or electronic), property, and personnel. Special arrangements will be made to review confidential or classified information. 

Independence

In order to permit GIA to carry out its work freely and objectively, GIA shall be independent of any administrative, business or other control function within TP ICAP. GIA has no responsibility or authority over any of the activities or operations that it has reviewed. GIA will not deploy any individual to review any operation over which they have had significant influence or responsibility within a year. GIA shall not develop or implement procedures, prepare records, or engage in activities that it would normally review. GIA does not relieve line management and the second line of defence of their responsibility for effective control. GIA is alert to conflicts of interest (COIs) and manages all COIs identified to ensure its activities, objectivity and independence are not impacted.

The CIA will confirm to the AC, at least annually, the organisational independence of GIA activity. The CIA will disclose details of any impairment to GIA’s independence or objectivity to the AC and the Board.  The CIA reserves the right to meet the AC “in camera”.

GIA staff (in-house and co-sourced) are obliged to:

 

i.    adhere to the Institute of Internal Auditors’ (‘IIA’) Code of Ethics. 

ii.   manage their activities to ensure conformance with the Principles and Standards in the International Professional Practices Framework (‘IPPF’) issued by the IIA, the ‘Guidance on Effective Internal Audit in the Financial Services Sector’ (the ‘FS Code’) and other mandatory and relevant internal audit standards.

 

Scope & Responsibilities

All TP ICAP activities, legal entities and locations are within GIA’s scope. GIA will:

 

i. Use a systematic and disciplined approach to providing independent, objective assurance and consulting activity (as defined by the IIA) designed to add value and improve TP ICAP’s operations and the effectiveness of the risk management, control and governance processes. GIA does not specifically set out to improve profitability or processes, but any such opportunities identified  will be communicated to management. 

ii. Develop and deliver a flexible, risk-based Internal Audit Plan (‘the plan’) based on an independent risk assessment performed at least annually and any other concerns identified by the AC,  management or other relevant stakeholders. GIA will also perform ad hoc reviews and special investigations as requested by the AC, Executive Management or as determined by the CIA. 

iii. Identify deficiencies with the adequacy and effectiveness of the control environments, and/or potential improvements to processes, agree actions with management to resolve issues and process weaknesses, and report the results to management. GIA is committed to supporting management to arrive at pragmatic remedial action plans to mitigate issues identified.

iv. Monitor the required skills and engage external co-source expertise as necessary.

v.  Monitor the ethical culture and tone set by TP ICAP leaders.

vi. Monitor the implementation of management action plans, and obtain appropriate evidence or confirmation that the risk identified has been mitigated (or is within risk appetite). Review decisions not to take remedial action(s), deferring risk(s) and tolerating risk exposure(s)

vii. Assess the adequacy and effectiveness of control functions including Risk, Compliance and Finance, and coordinate with them as appropriate and on matters of risk and control.

viii. Consider reliance, once assessed, on the work of other internal or external assurance providers to minimise duplication.

ix. Present at, and issue reports to the appropriate governing bodies, including the AC and Board Committees. The reports, relevant to the committees, will include:

     a)  periodic information on the status and results of the plan and the sufficiency of the GIA resources. GIA will manage and allocate resources to ensure successful plan delivery; 

     b)   focus on significant control weaknesses with a robust root-cause analysis; 

     c)   thematic issues and trends identified across TP ICAP and their impact on TP ICAP’s risk profile; 

     d)   insight and opinions on the TP ICAP risk and control culture;

     e)   an independent view of management’s reporting on the risk management of the organisation, including a view on management’s remediation plans highlighting areas where there are significant delays; and 

     f)   at least annually, an assessment of the overall effectiveness of TP ICAP’s governance, and risk and control frameworks and that the risk appetite framework is being adhered to. 

x. Have an open, constructive and co-operative relationship with TP ICAP’s regulators and external auditors,  sharing information relevant to their respective responsibilities.

xi. Align its practices with the code, standards, guidance, and where appropriate industry developments, by maintaining an up-to-date set of policies and procedures along with performance and effectiveness measures. 

xii. Monitor conformance against the Code of Ethics, the FS Code, standards and guidance through a robust quality assurance and improvement programme which assesses the conformance, efficiency and effectiveness of all GIA activity and identifies improvement opportunities.

xiii. Update and present the Charter to the Audit Committee on an annual basis for review and approval. 
 

Last Update & Approval: July 2023

 

EXPERT INSIGHT & ANALYSIS

Keep up to date with the latest insights and commentary from our global network of in-house experts on LinkedIn.