COMMUNIQUE ISSUED AT THE END OF THE 2023 ANNUAL GENERAL MEETING OF THE ASSOCIATION OF CHIEF AUDIT EXECUTIVES OF BANKS IN NIGERIA (ACAEBIN),RD HELD ON MARCH 23 , 2023 AT THE MOVENPICK HOTEL LAGOS
The Association of Chief Audit Executives of Banks in Nigeria (ACAEBIN) recently held its 2023 Annual General Meeting. The one-day event had in attendance, Regulators and other key Industry Practitioners. The event was declared open by Ken Opara, Ph.D, FCIB, President/Chairman of Council, Chartered Institute of Bankers of Nigeria (CIBN). Discussions at the meeting centered on the theme, ‘Keeping up with NextGen in Internal Audit.’
The business environment post-Covid-19 pandemic has been changing due to accelerated technological innovations and advancements and the implication of this for Internal Audit is the adoption of technology in audit reviews – being adaptable and agile. Internal Audit must be able to respond quickly to changes in business operations, emerging risks, or changes in regulatory requirements. The next generation of Internal Audit needs to focus more on risk management rather than compliance – the focus should shift towards pre-mortem analysis, identifying emerging risks along with the potential of the organization and developing strategies to mitigate them. Below are the resolutions reached during the meeting:
- 1. Organizations should be aware of increased cyber threats resulting from the adoption of technological advancements and innovations.
- 2. Internal auditors must have a deeper understanding of the business domain within which they operate, work closely with other functions, and identify emerging risks. They must be adaptable and agile, responding quickly to changing
circumstances and working in an agile manner to achieve continuous improvement.
- 3. The Internal Audit Function must have a continuous learning culture. It is important for internal auditors to attend training and development programs.
- 4. Third-party arrangements may reduce management’s direct control of responding to risk. If not properly managed, thirdparty arrangements may result in several issues like financial loss arising from Litigation, violation of regulatory
directives, loss of customers, and reputational damage. The Internal Audit activity should be planned to ensure that
vendors and service provider risks are adequately identified and assessed.
- 5. A very essential part of a third-party relationship is continuous monitoring. Some of the major metrics for third-party
monitoring are Financial Stability, Compliance with contractual obligations, Cybersecurity Posture, and Reputation
concerns. Deliberate measures need to be put in place to ensure that these monitoring metrics are continuously assessed.
- 6. Effective management of evolving third-party risks requires organizations to adopt real-time monitoring methods that are proactive rather than reactive. This includes utilizing innovative processes, new data sets, Artiicial Intelligence
technology and refreshed skill sets to enable ongoing monitoring. Processes that focus on post-contract monitoring, as opposed to due diligence and pre-contract, should be de-emphasized.
- 7. For the Internal Audit (IA) to be perceived as protecting, building, and preserving value, it needs to truly assure, advise, anticipate and accelerate. The IA of the future will play an active role in educating stakeholders and sharing tools, insights, and knowledge. Effective IA functions with a dynamic and forward-looking mindset are likely to be viewed positively by key stakeholders. The future is now!
- 8. The Securities and Exchange Commission (SEC) issued the ‘Guidance on the Implementation of Sections 60 – 63 of The Investments and Securities Act 2007’ in March 2021. This is effective immediately, and it requires public companies to report on compliance in their annual reports from December 2023 inancial year-end. Management’s evaluation of evidence of the operating effectiveness of Internal Control Over Financial Reporting (ICFR) is performed by the Internal Audit Function. Internal Auditors evaluation considers whether the control is operating as designed. Consequently,
Internal Auditors should focus their evaluation of the operation of controls on areas posing the highest ICFR risk.
- 9. ISA section 63 also requires that ‘an auditor of a public company shall, in his audit report to the company, issue a statement as to the existence, adequacy and effectiveness or otherwise of the internal control system of the company’. In this regard, External Auditor may place reliance on the work of Internal Audit Function. Internal Auditors are expected to directly examine internal controls and recommend improvements.
- 10. The Internal Audit function can provide information that is useful to the External Auditor in obtaining an understanding of the entity and its environment, the applicable financial reporting framework and the entity’s system of internal control, and in identifying and assessing risks of material misstatement at the financial statement and assertion levels.
- 11. In accordance with the Investment and Securities Act 240, the internal audit function shall provide information to the auditor regarding any actual, suspected, or alleged fraud, the auditor takes this into account in the auditor’s identification of risk of material misstatement due to fraud.
Signed: Association of Chief Audit Executives of Banks in Nigeria (ACAEBIN)