Financial Services Internal Audit Planning Priorities 2023
Below we highlight new areas relevant to Internal Audit but also those areas we believe will have greater focus in 2023. We hope this informs your 2023 planning and assurance approach.
A ‘Risk Intelligent Culture’ supports and comprises of appropriate risk awareness, behaviours and judgements about risk‐taking. There are 7 key characteristics of a Risk intelligent culture of an organisation:Expectation of challenge: People are comfortable challenging others, including authority figures. The people who are being challenged respond positively.Prompt, transparent and honest communications: People are comfortable talking openly and honestly about risk using a common risk vocabulary that promotes shared understanding of risk. A learning organisation – continuously improving: The collective ability of the organisation to manage risk more effectively is continuously improving.Universal adoption and application: Risk is considered in all activities, from strategic planning to day-to-day operations, in every part of the organisation.Responsibility: People take personal responsibility for the management of risk and proactively seek to involve others when that is the better approach.Understand the value of effective Risk Management: People understand, and enthusiastically articulate, the value that effective risk management brings to the organisation. Commonality of purpose: People’s individual interests, values and beliefs are aligned with the organisation purpose, business objectives, goals and strategy and risk strategy, appetite, limits and approach.Risk culture is an increasing area of interest for Supervisors, and they can and do, challenge firms on all the elements that determine their culture and risk culture.
Diversity of thought and inclusive behaviours in financial services help deliver better consumer and market outcomes including fair value, fair treatment, suitability, confidence and access. Firms need to be sufficiently diverse and inclusive to be able to understand the needs of their customer bases. A lack of diversity could lead to inadequate challenge at decision-making levels, which could lead to consumer and market harm. Inclusion is equally important as individuals should be able to express their views, speak up and raise concerns in a psychologically safe environment, supporting greater innovation and competition for customers and markets. Achieving major change takes personal commitment from everyone in an organisation. This includes leaders, who must prioritise improving diversity and inclusion, exemplify what inclusion means, and are held accountable for outcomes to ensure progress is made. Further, many organisations adopt a structured approach to diversity and inclusion, focused on standalone projects which do not address underlying cultural barriers that exist, and which fail to integrate diversity and inclusion into business processes.