To The Institute of Internal Auditors Financial Services Forum

Glenn Stevens
Governor

Sydney – 17 November 2011

I am pleased to be with you this morning to open this Financial Services Forum focusing on the role of internal audit in financial services firms.

The Reserve Bank's Audit Department has a long association with the IIA and we are strong supporters of the work of the Institute.

The fact that you are holding this Forum is significant. As all of you know only too well, there have been many practices exposed in global financial institutions over the past few years that show poor risk management and failure of controls over lending and trading activities. The fact that these issues continue to surface is a clear indication that the subject matter of today's Forum remains relevant.

From my own experience at the Reserve Bank over many years, I have gained an appreciation of the important role that internal audit can play in our financial institutions. The Reserve Bank is, of course, very much a bank. We have a substantial balance sheet that requires management, we provide a range of banking services to government clients, we operate key pieces of financial infrastructure, and we rely heavily on our IT systems to deliver these services.

Over the years, we have worked to develop a detailed risk management framework to identify where the key risks lie, and set out how they are to be managed. Yet even though much work has gone into developing that framework, like any risk‑management approach, it can only ever be a work in progress – and it remains under continual review. Complementing the risk framework, our internal audit program focuses its attention on the most important risks identified by management.

Like many auditors today, our Audit Department takes a broad view of their responsibilities, reviewing not only the effectiveness of controls but also whether they are the most efficient way to achieve an end. I know that they are conscious that procedures they may have recommended some years ago may no longer be appropriate, given the changes in technology. And of course technology continues to challenge both our systems operators and our auditors, as the threats to the security of our data and communications increase.

Audit Department's work is overseen by the Board's Audit Committee, which has among its members two of the Bank's independent directors, one of whom (Jillian Broadbent) is chair, and which also brings external expertise to bear on assessing the overall audit work of the Bank. This is a key part of the governance structure.

Of course, these arrangements are not unique in any way. They are designed both to meet requirements for Commonwealth authorities and also to be in line with good practice at commercial entities. They do, however, give us at the Reserve Bank an insight into some of the practical challenges facing other financial organisations.

Of particular importance to this audience, we also recognise the challenges involved with appointing, training and keeping an audit staff capable of assessing whether the controls are working as they should. Our audit team has continually to improve its understanding of the breadth and depth of our business and changes to it. To help us maintain best practice, our auditors need to ensure that their technical skills remain up to speed. The IIA's training and certification processes play an important role in assisting this process.

Fostering improvements to the practice of identifying and managing risks, and to the audit processes that are an integral part of that, are central to development of policies aimed at fostering greater financial stability, both in Australia and internationally. The financial stresses of the past few years have placed much greater emphasis on this aspect of our policy work in the Reserve Bank. There are few signs that the additional focus is going to lessen any time soon. If anything, it will increase.