There is no secret that financial institutions, including fintech companies, need to perform internal audit. But what actual value does internal audit bring to the company? What different audits can be performed and what internal auditors should know to deliver great quality audit? Daiva Lideikienė, Head of Banking and Investment Practice Group of ECOVIS ProventusLaw, gives more details on why internal audit is especially important nowadays, how it is performed and what is the auditor’s role in the company at all.
Where Does the Need for Internal Audit Come from?
First, the Resolution No 03-106 of the Board of the Bank of Lithuania (BoL) came into effect in 1st of January 2021 setting the requirement for internal audit.
Second, at the end of March, 2023, BoL published an overview of the electronic money (EMI) and payment institutions’ (PI) sector. The sector grew rapidly, therefore, as BoL puts it – strong growth calls for better compliance.
The most important areas, according to BoL, are the following: prevention of money laundering, compliance with the requirements for the protection of equity capital and customer funds, internal control and risk management requirements, and strengthening compliance. Therefore, the focus will be to improve the compliance of the EMI/PI sector in the following areas: reporting, audit reporting, capitalization, and licensing activities.
In the middle of April, BoL acted as it promised – 2 EMIs were fined for not complying with internal audit requirements.
What is the Value of an Internal Audit?
Internal auditors help fintechs to understand whether processes work the way they are designed and documented. In other words – do the daily operations meet internal policies & procedures, regulatory requirements, local and international best practice. The main objective of an internal auditor is to show where processes can be improved to ensure compliance. Internal audit helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
How is the Internal Audit Service Structured?
Based on our expert knowledge and the initial EMI/PI risk assessment, we prepare a risk based internal audit plan that considers the timing, scope and objectives for the 3 year’s work. This plan is updated on an annual basis considering recent regulatory developments and market changes. Based on the agreed audit plan we establish tailor-made audit scope and objectives for each audit. We follow internal audit methodology, ask our clients to complete questionnaires, perform testing and interviews with responsible staff and other auditing methods to accomplish each objective. We communicate and work with the management and management board throughout the year and provide an annual report regarding internal audit process, implemented action plans, potential changes to the audit plan and the results of audits performed.
What is the Experience of ECOVIS ProventusLaw Internal Audit Team?
We act as internal auditors for more than 15 licensed financial institutions in Lithuania. Some of our clients are EMI’s from top 10 biggest turnover companies (11 % of the market share) in 2022, one payment service provider is an acknowledged unicorn in the global payment market.
ECOVIS ProventusLaw has performed more than 25 AML/CTF/International sanctions audits; 10 safeguarding of clients’ funds audits, 7 Internal control, governance and risk management framework internal audits; 9 internal and external GDPR audits; 8 Information and communication audits, and also audits in other important topics such as risk management, capital adequacy, payment service compliance to the license issued, internal communication, customer service, compliance function.
ProventusLaw ensures that internal audits are performed by internal auditors with appropriate qualifications. Our internal audit team consists of 6 auditors, who completed trainings from Internal auditors’ association Lithuania. Our internal auditors specialize in the most important topics for the financial sector – AML, GDPR, governance. 3 of the team members have additional certifications in AML/CTF (CAMS certified experts) and international sanctions (K2 Integrity), 3 other members hold data protection certificates from International Association of Privacy Professionals. We also have cooperation agreements with certified and qualified auditors from IT, Information security, and Cyber security areas to ensure the quality of ICT audits.