Integrated Annual Report 2015

Internal audit

Internal Audit's activity is governed by an internal audit charter which is approved by the group audit committees and is reviewed annually. The charter defines the purpose, authority and responsibilities of the function.

As a result of the regulatory responsibilities arising from the DLC structure, there are two group Internal Audit departments located in London and Johannesburg, responsible for Investec plc and Investec Limited respectively. Investec Bank plc (Irish branch) has its own Internal Audit function reporting into Investec plc Internal Audit. In combination, the functions cover all the geographies in which Investec operates. These functions use a global risk-based methodology and cooperate technically and operationally.

The heads of internal audit report at each audit committee meeting and have a direct reporting line to the chairman of the audit committee as well as the appropriate chief executive officers. They operate independently of executive management, but have regular access to their local chief executive officer and to BU executives. The heads of internal audit are responsible for coordinating internal audit efforts to ensure coverage is global and departmental skills are leveraged to maximise efficiency. For administrative purposes, the heads of internal audit also report to the global head of corporate governance and compliance. The functions comply with the International Standards for the Professional Practice of Internal Auditing, and are subject to an independent Quality Assurance Review (QAR) at appropriate intervals. The most recent independent QAR benchmarked the functions against the July 2013 publication by the Chartered Institute for Internal Auditors entitled Effective Internal Audit in the Financial Services Sector. The results were communicated to the audit committees in March 2014 and to the respective regulators. A QAR follow-up review was completed and results issued to the audit committees in January 2015 as well as to the respective regulators.

Annually, Internal Audit conducts a formal risk assessment of the entire business from which a comprehensive risk-based audit plan is derived. The assessment and programme are validated by executive management and approved by the responsible audit committee.

Very high risk businesses and processes are audited at least every 12 months, with other areas covered at regular intervals based on their risk profile. There is an ongoing focus on identifying fraud risk as well as auditing technology risks given Investec’s dependence on IT systems. Internal Audit also liaises with the external auditors and other assurance providers to enhance efficiencies in terms of integrated assurance. The annual plan is reviewed regularly to ensure it remains relevant and responsive, given changes in the operating environment. The audit committee approves any changes to the plan.

Significant control weaknesses are reported, in terms of an escalation protocol, to the local assurance forums, where remediation procedures and progress are considered and monitored in detail by management. The audit committee receives a report on significant issues and actions taken by management to enhance related controls. An update on the status of previously raised issues is provided by Internal Audit to each audit committee. If there are concerns in relation to overdue issues, these will be escalated to the executive risk review forum to expedite resolution.

Internal Audit proactively reviews its practices and resources for adequacy and appropriateness to meet an increasingly demanding corporate governance and regulatory environment, including the requirements of King III in South Africa. The audit teams comprise well-qualified, experienced staff to ensure that the function has the competence to match Investec’s diverse requirements. Where specific specialist skills or additional resources are required, these are obtained from third parties. Internal Audit resources are subject to review by the respective audit committees.
