• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
white-paper-on-a-vintage-typewriter-4057659.jpg

The FS Code for risk teams – why Internal Audit should welcome the Risk Coalition’s guidance

June 10, 2020

Up until the global financial crisis, many financial services internal audit teams tended to give risk teams an easy time. This often reflected the need to maintain a close working relationship, with a view to delivering a more efficient, integrated assurance approach. Additionally, many audit teams felt they didn't have sufficient depth in credit, market or actuarial skills to effectively challenge the risk teams and their frameworks.

Then the world changed... and internal audit blinked and carried on. The regulators were mainly focused on markets, executives, boards, traders and compliance officers. So, they gave internal auditors an easy ride... until 2013.  And then the Financial Services Code rattled internal audit's cage and their world changed; and most would agree the bar has been raised significantly since then.

The launch of the Risk Coalition’s guidance in December 2019 will hopefully do something similar for risk teams. It has the backing of a wide range of professional bodies (the Chartered Institute of Internal Auditors amongst them) and even the regulators have welcomed the initiative. And one major benefit for internal audit is it finally gives us a clearer and maybe even a model framework to audit risk against. 

Many CROs and their risk teams are likely to perform some form of gap analysis in the first 18 months and those reports are potentially gold dust for Chief Internal Auditors looking to give an opinion on the effectiveness of risk teams. Further, the current Covid-19 world can give auditors some time to study the guidance in more depth and look at how some quick wins can be achieved.

It is also likely to get on to the agenda of board risk committees, as well as the range of internal risk committees which regularly form part of a typical financial services governance structure. This rich seam of valuable guidance will also give internal audit some clearer direction and insight as to how to take better account of the work that risk teams are performing. The Risk Coalition have even developed their own Gap Analysis and Benchmarking Insights service (GABI), to help audit teams and risk functions undertake an assessment against the guidance.

But a word to the wise; this is not a tick box exercise. There is real value in thinking through how the major elements of the guidance can be applied to your firm. Proportionality is important, as is objectivity. Internal auditors tend to apply greater levels of objectivity when it comes to risk assessment. They can do the same here and will be able to add a valuable level of insight to the application of the risk guidance.

David Alexander - Managing Director, Daart Solutions

Tags: David Alexander
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson