Imagen de cabecera

The Internal Audit Chief Operating Officer for large teams

A CAE, with a small or a large team, spends a significant time in administrative tasks. They are important: from preparing for the Audit Committee to managing human resources and budget, from preparing the annual plan to participating to internal or external events… Sometimes these tasks are distributed amidst team members, or shared with an assistant when there is one.

Such tasks become very time consuming for CAEs of large teams, to the point of becoming a distraction – at least a perceived one – from the inner core of auditing such as the identification of the enterprise risks, the performance of audits, the issuance of recommendations, the assessments of controls and the provision of an opinion on the Internal Control Systems…

As Group CAE (900 auditors, 45 teams globally), I quickly realized that I needed support, in 9 areas: the internal standards setting, people management, IT solutions development and maintenance, communication, reporting, planning, budget and KPIs development and oversight, logistics of the Group Audit (GA) central team, SLA management and invoicing.

I created a “functional enablement” (FE) team, led by a sort of IA COO, reporting to the Group CAE:

· Reporting is especially critical. GA was getting annually up to 2000 local teams audit reports, (including regulatory driven reports) from local audit teams, with a range from 5 to 20 findings per report. The FE team would perform a monthly analysis and aggregation of these reports, and produce regular reporting to Board of Management, Audit Committee and Group Regulator. The team would identify trends (especially “low signals”) and potential systematic gaps in the Group Internal Control Systems as a basis for future audits. The team would also perform the follow-up on audit findings from GA, control the follow-up status for local audit teams as well as the completion of remediation actions.

· Group wide Standard Setting and Quality Assurance. The FE team had big normative role, having the lead on the production and regular update of the Group Global Audit Framework: Group Audit Policy, Standards, Manual, and the maintenance of Group wide audit processes.

The FE team would also develop the global quality assurance program and steer the performance Quality Review performance by Group Audit to ensure adherence to the Group Global Audit Framework.

· Audit Universe and Planning: the IA COO would co-own the GA and Group Standard Audit universe, and ensure the adequate risk based global audit coverage in line with Solvency 2 requirements. The IA COO also would direct the annual planning and resource allocation for Group Audit, and control the plan fulfillment by the local audit departments

· IT support: the FE team directs the implementation and updates of the Global Audit Framework into global audit tool, to ensure a consistent audit approach and quality throughout thge Group. It maintains the global audit tool via central license/contract management.

· Global HR Management: the IIA COO would plan, control and direct HR activities across the function, for example with the management of the global talent pipeline, the ADP – Audit Development Planner – tool, the coordination global trainings…

Retrospectively, creating this FE team was a no-brainer, yet it was quite innovative, and it remains so. Group Audit became faster, even more disciplined, creating a strong “ONE” audit function with both global and local reach and impact.

I later replicated this model in the Group Compliance function when I became the Group CCO.

Allianz is today the world’s largest insurance company and the largest financial services company in Europe. I am proud that I could contribute to the Group success by building a modern, state of the art IA function: the Functional Enablement team has been a major achievement.

I am very grateful to my colleague and friend Michael Kaupa, an excellent and very senior auditor, who successfully took up the challenge to take this role and to develop this FE activity, both in Group Audit and later in Group Compliance.