Fitness and propriety: the next topic for internal audit?
Blog by Liz Sandwith, chief professional practice advisor | 30 August 2016
The Banking Standards Board (BSB) issued in June 2016 a consultation paper entitled Certification Regime: Fitness and Propriety, which I read with interest last week. The BSB has been established to promote high standards of behaviour and competence across UK banks and building societies. The BSB is neither a regulator nor a trade association and it has no statutory powers.
The consultation paper clearly states that the guidelines are voluntary however, it occurred to me, that as more and more regulators are introducing a fitness and propriety (F&P) requirement that the general principles suggested by BSB could/should be adapted by internal audit to fit any sector thereby promoting high standards of behaviour and competence.
In the financial services sector the new certification regime commenced on 7 March 2016 with a requirement to certify all relevant staff by 7 March 2017. It requires key staff who are managing significant prudential or conduct risks to act in accordance with the new conduct rules and for a firm’s senior managers to attest annually to the F&P of these employees.
I anticipate that in some organisations the certification will also apply to the head of internal audit as well as other key staff within the organisation. I also anticipate that this is an area where internal audit may wish to undertake an internal audit to ensure that the framework within which the certification regime operates is sufficiently rigorous thereby mitigate the risk of potential reputational damage should a certification be subsequently discovered to be incorrect/inappropriate.
With effect from 1 January 2017 internal audit teams will be required to conform to the revised IIA Standards which are due to be issued in October 2016. Part of the BSB certification regime talks about it being a valuable opportunity to 'recognise and endorse staff who demonstrate the expected high level of professionalism', although there isn’t clearly defined roles within the document, simply reference to key staff I would suggest that this is exactly what should be expected/required of a head of internal audit and also members of the internal audit function and must surely sit alongside the internal audit functions requirement to conform with the required Standards?
There are three documents that accompany the consultation paper namely, which are worth reading:
- Fitness and propriety definition and sources of information which encompass honesty, integrity, reputation, capability and financial soundness. The first four are key elements in the IIA Code of Ethics which forms part of the IPPF, conformance with the mandatory elements is a requirement of internal auditor who are members of the Chartered IIA or IIA Global it is therefore likely that internal auditors are already compliant with a significant proportion of the certification requirements
- Fitness and propriety assessment principles which potentially provide the basis for an internal audit terms of reference
- Fitness and propriety assessment record template which is a self-assessment template that would also provide an internal audit test template as appropriate
The concept of the F&P certification regime also links, in my opinion, into the internal audit function auditing culture concept. I have used tools such as this in previous organisations to assess not only compliance with requirements, even if they are mandatory not voluntary, but also as a thermometer as to the culture of the organisation.
F&P speaks to the overarching culture of an organisation, how it links into the recruitment of key staff and the importance of having the risk people in the right roles who share the values and believes of the organisation.
