This Charter sets out the purpose, authority and responsibility of Group Internal Audit (GIA) within TP ICAP Group plc (‘TP ICAP’).
Mission
To enhance and protect organisational value by providing risk-based and objective assurance, advice, and insight.
Purpose
GIA’s purpose is to protect and add value to TP ICAP’s stakeholders by providing high-quality assurance, impactful analysis, and valuable insights to drive continuous improvement, innovation and efficiencies, safeguarding TP ICAP’s assets, reputation, and sustainability and supporting the firm's long-term success. GIA pursues this purpose to assist the Board of TP ICAP, its subsidiary companies and management to accomplish its objectives through the provision of an independent appraisal of the adequacy and effectiveness of governance, risk management and the internal control framework.
GIA executes its primary role by:
i. Assessing whether significant risks are identified, adequately controlled and appropriately reported;
ii. Challenging management to improve the effectiveness of governance and risk management; and
iii. Providing requested advice and guidance through consulting activities.
The Chief Internal Auditor (CIA) is responsible for managing GIA activity. GIA does not provide assurance to external parties.
Mandate & Authority
GIA derives its authority from certain Boards, including the TP ICAP Board which has delegated responsibility for overseeing internal audit activity to an Audit Committee (AC). GIA’s primary reporting line is to the AC. The AC will:
i. Approve decisions regarding the CIA’s remuneration, objectives, performance, independence, appointment or removal;
ii. Assess GIA’s performance and effectiveness;
iii. Review and approve GIA plans and the GIA Charter annually; and
iv. Review and approve the GIA operating model, including ensuring the sufficiency of the GIA budget, headcount, skills and resources, in consultation with the CIA.
The CIA’s administrative reporting line is to the TP ICAP CEO.
GIA is authorised to have unrestricted (full and complete) and timely access to all functions (in-house or outsourced), records (either paper or electronic), property, and personnel. Special arrangements will be made to review confidential or classified information.
GIA’s role, responsibilities, scope and services are described below.
Independence
In order to permit GIA to carry out its work freely and objectively, GIA shall be independent of any administrative, business or other control functions within TP ICAP. GIA has no responsibility or authority over any of the activities or operations that it has reviewed. GIA will not deploy any individual to review any operation over which they have had significant influence or responsibility within a year. GIA shall not develop or implement procedures, prepare records, or engage in activities that it would normally review. GIA does not relieve first line management and the second line of defence of their responsibility for governance, risk management or effective control. GIA is alert to Conflicts Of Interest (COI) and manages all COI identified to ensure its activities, objectivity and independence are not impacted.
The CIA will confirm to the AC, at least annually, the organisational independence of GIA activity. The CIA will disclose details of any impairment to GIA’s independence or objectivity to the AC and the Board. The CIA reserves the right to meet the AC “in camera”.
GIA staff (in-house and co-sourced) are obliged to:
i. Adhere to the Global Internal Audit Standards (GIAS) issued by the Institute of Internal Auditors (IIA).'
ii. Manage their activities to ensure conformance with the Chartered Institute of Internal Auditors (CIIA) code ('the Code’) and other internal audit standards, regulations and laws relevant to internal auditing.
Scope & Responsibilities
All TP ICAP activities, legal entities and locations are within GIA’s scope. GIA will:
i. Use a systematic and disciplined approach to providing independent, objective assurance and consulting activity (as defined by the GIAS) designed to add value and improve TP ICAP’s operations and the effectiveness and efficiency of the risk management, control and governance processes. GIA does not specifically set out to improve profitability or processes, but any such opportunities identified will be communicated to management;
ii. Develop and deliver a flexible, risk-based Internal Audit Plan (‘the plan’) based on an independent risk assessment performed at least annually and any other concerns identified by the AC, management or other relevant stakeholders. GIA will also perform ad hoc reviews and special investigations as requested by the AC, Executive Management or as determined by the CIA;
iii. Consider emerging risks and risks related to errors, fraud and non-compliance; iv. Identify deficiencies with the adequacy, efficiency and effectiveness of the control environments and/or potential improvements to processes, agree actions with management to resolve issues and process weaknesses, and report the results to management. GIA is committed to supporting management to arrive at pragmatic remedial action plans to mitigate issues identified; v. Monitor the required skills and engage external co-source expertise as necessary;
iv. Identify deficiencies with the adequacy, efficiency and effectiveness of the control environments and/or potential improvements to processes, agree actions with management to resolve issues and process weaknesses, and report the results to management. GIA is committed to supporting management to arrive at pragmatic remedial action plans to mitigate issues identified;
v. Monitor the required skills and engage external co-source expertise as necessary;
vi. Monitor the ethical organisational culture and tone set by TP ICAP leaders;
vii. Monitor the implementation of management action plans, and obtain appropriate evidence or confirmation that the risk identified has been managed within risk appetite. Review decisions not to take remedial action(s), deferring risk(s) and tolerating risk exposure(s);
viii. Coordinate with and assess the adequacy and effectiveness of control functions including Risk, Compliance and Finance, and coordinate with them as appropriate on matters of assurance timing, risk and control;
ix. Consider reliance, once assessed, on the work of other internal or external assurance providers to minimise duplication;
x. Present at, and issue reports to the appropriate governing bodies, including the AC and Board Committees. The reports, relevant to the committees, will include:
a) periodic information on the status and results of the plan and the sufficiency of the GIA resources. GIA will manage and allocate resources to ensure successful plan delivery;
b) focus on significant control weaknesses with a robust root-cause analysis;
c) thematic issues and trends identified across TP ICAP and their impact on TP ICAP’s risk profile;
d) insight and opinions on the TP ICAP risk and control culture;
e) an independent view of management’s reporting on the risk management of the organisation, including a view on management’s remediation plans highlighting areas where there are significant delays; and
f) at least annually, an assessment of the overall effectiveness of TP ICAP’s governance and risk and control frameworks, as well as confirming that the risk appetite framework is being adhered to.
xi. Have an open, constructive and co-operative relationship with TP ICAP’s regulators and external auditors, sharing information relevant to their respective responsibilities; xii. Align its practices with the Code, standards, guidance, and where appropriate industry developments, by maintaining an up-to-date set of policies and procedures along with performance and effectiveness measures; xiii. Monitor conformance against the GIAS and the Code, standards and guidance through a robust quality assurance and improvement programme which assesses the conformance, efficiency and effectiveness of all GIA activity and identifies improvement opportunities; and
xii. Align its practices with the Code, standards, guidance, and where appropriate industry developments, by maintaining an up-to-date set of policies and procedures along with performance and effectiveness measures;
xiii. Monitor conformance against the GIAS and the Code, standards and guidance through a robust quality assurance and improvement programme which assesses the conformance, efficiency and effectiveness of all GIA activity and identifies improvement opportunities; and
xiv. Update and present the Charter to the AC on at least an annual basis for review and approval.
Approved by TP ICAP Group Plc Audit Committee on 30 July 2024
