Friday, September 30, 2011
Outsourcing and internal control in Banking Part.II
In this context, the establishment of collective audit providers could help save time and productivity for each establishment.
This optimization of the audit activities outsourced more and more interested in the Inspection Branch of the big banks. And working groups were formed in a pooled between several banks in order to define the terms of planning, implementation and monitoring of audits of providers. The working group is considering the establishment of a governance structure, a plan of joint audit and risk mapping for the shared use of audits should be part of common control risks of each institution without failing to respect the privacy principles of each Bank.
However, to date, nothing has yet been clearly defined and different approaches are envisaged for the implementation of shared audits:
* Audits carried out by joint team delegations
* Audits shared between delegations (each delegating the responsibility of an audit)
* Audits by authorized third parties
what could be the conclusions of this working group?
The operational implementation of a system audit activities outsourced based on audits shared between the delegating or on a joint team delegations, would seem the most logical and easiest to implement. But that solution presents risks to lead to potential conflicts of interest on the conduct of audits, the findings and the implementation of action plans. Thus, differences between schools could undermine the legitimate operation of the audits. The conduct of audits by authorized third parties, outside each bank, would then appear as the preferred solution as long as you specify the responsibility of each institution's contractual terms.
But should we in this case provide auditing services of third parties mandated?
Indeed, in the case of annual monitoring of outsourced activities, external auditors could be considered as service providers intellectual Internal Control. The control activity is necessarily "essential" it therefore falls within the scope of activities to be audited!
Under these conditions, the task of the Working Group seems difficult to reach consensus on a pragmatic and operative in order not to deport the weight of outsourced activities on control functions.