No results found
Financial Services Internal Audit Planning Priorities 2022
Below we highlight new areas relevant to Internal Audit but also those areas we believe will have greater focus in 2022. We hope this informs your 2022 planning and assurance approach.
Why is it important?
The emergence of the COVID-19 pandemic presented a different dimension of stress, with potential rapid asset quality, liquidity and capital impacts and the ability of a firm’s Recovery Plan to track a deterioration in the business as usual (BAU) environment has been of particular interest across the market.
Firms’ indicator frameworks are now brought back into sharp focus, especially as a number of asset quality metrics are directly impacted by the COVID-19 pandemic (such as arrears and provisions).
What's new?
The following changes were made to the European regulators’ approach to Recovery Planning requirements: Whilst these are relatively minor changes, they require new thinking from firms around what scenario testing should include, and what the impacts of asset encumbrance are on Recovery Planning. Furthermore, the impact and response to the COVID-19 pandemic should bring out practical adjustments and enhancements to a firm’s Recovery Plan, especially in an environment where operational changes (such as working remotely or an increase in collections activity) is running alongside this. What should Internal Audit be doing?
Continued scrutiny remains on firms with regard to the quality of their Recovery Plans. Internal Audit should assess whether the quality of Recovery Planning continues to be enhanced and that the practical learnings and ongoing response to COVID-19 is embedded. Internal Audit should also consider whether their assurance approach to Recovery Planning includes coverage of the following typical issues identified in firms’ Recovery Plans:
Why is it important?
Stress testing continues to be a significant tool for firms to use in risk management practices, and this is heightened amidst the unfolding of the COVID-19 pandemic (specifically in relation to the payment deferrals that have occurred) and also with the climate change agenda continuing to be a huge focus for the regulatory bodies. Whilst stress testing is still routinely used to directly inform firms’ capital and liquidity holdings, it is being increasingly used for a breadth of exercises including business model viability, enhanced understanding of risk drivers, and developing understanding of new risks such as those posed by climate related events. Regulatory bodies continue to assess firms’ stress testing capabilities and outputs, as well as exploring the capabilities and outputs from new areas which focused on financial risks from climate change.
What's new?
The European regulators have previously published requirements for Internal Capital Adequacy Assessment Processes (ICAAPs) for climate-related risks and prescribed climate related scenarios but this exercise was paused due to the COVID-19 pandemic and has been restarted with an updated position for 2021. The key requirements for scenario analysis for assessing climate related financial risks are: Three scenarios: Two key risks: Internal Audit should continue to focus on key topical areas such as COVID-19 related impacts and climate change. These two key themes should feature in the following key areas of audit focus: Scenario generation capabilities: Scenario generation capabilities: Horizon scanning: Risk appetite: Models and data:
Strong capabilities for projecting outcomes should include a robust base case plan which can be updated in a timely manner to respond to changes in the external environment such as a stress event/scenario. As such, stress testing of base case plans should be commonplace and should include a range of relevant scenarios that can be utilised effectively to consider any required Management response. These capabilities should be developed for new and growing Banks and should be widened to incorporate climate-related risks. Internal Audit should determine the adequacy of the base case plan and the corresponding capacity of the business to respond to stress events/scenarios.
Horizon scanning practices and associated analyses should be performed to understand the impacts given the many recent and expected changes to guidance as a result of Brexit, CRD V, CRR2, Basel 3.1, COVID-19 and climate related risks. Internal Audit should review the adequacy of the horizon scanning framework to ensure it effectively responds to identifiable future events and scenarios.
As the regulatory environment changes, and new insights are gained from stress testing analysis, firms need to ensure they are updating and regularly monitoring their risk appetites to ensure adherence to regulatory minima. Internal Audit should review the approach to this updating process and ensure robust monitoring controls are in place.
Internal Audit should continue to review the adequacy of the governance frameworks and processes around data and models that are heavily used to inform day to day planning and stress testing. There should be a focus on the approach to model updates as result of recent regulatory changes that will impact upon stress testing activities, such as the Pillar 2B assessment as part of the ICAAP.
Did you find this useful?
If you would like to help improve Deloitte.com further, please complete a 3-minute survey
To tell us what you think, please update your settings to accept analytics and performance cookies.