Search results

The need for robust governance standards in financial institutions requires no overemphasis. However, instances of governance failures have been a recurring global phenomenon. This paper examines the key elements of governance in financial institutions, evaluates reasons for failures and suggests ways to strengthen governance and prevent such failures.

The author follows a descriptive design and a behavioural approach to understand the governance issues in financial institutions.

The author identifies key elements of governance, and the potential reasons for failures and highlights that the structure of boards, thrust on the adoption of best practices and regulatory guidelines are necessary but not sufficient to ensure failsafe governance standards. The author emphasises the need for recognition of behavioural factors and a focus on continuous monitoring and red flagging of the conduct of key stakeholders by the third and fourth lines of defence. An effective whistle-blower policy, a clear focus on organisational culture and the subjugation of individuals to the systems can improve the robustness of the governance standards in financial institutions.

To the best of the author's knowledge and belief, the observations and suggestions made in the paper are original. The paper contributes by offering a nuanced perspective for strengthening governance in financial institutions.

The purpose of this paper is to explore how internal auditing may recover from being one of the corporate governance gatekeepers that failed to prevent the global financial crisis.

This paper draws on the theory of professions and provides a brief analysis of internal auditing history, ending with an appraisal of contemporary status.

Internal auditing has not been “fit for purpose” and can be enhanced. Low expectations of internal audit are currently addressed by enhanced guidelines from a number of parties. Internal audit needs to move firmly into the corporate governance space – to audit corporate governance more effectively and to provide more dependable assurance to boards.

The global Institute of Internal Auditors can use recent enhanced internal auditing guidelines as a springboard to regain their lead. Internal audit needs to cut the umbilical cord that ties it to management. The accepted “dual reporting” of internal audit is flawed.

Society cedes professional status to an occupational group when it is in society’s best interests to do so. An attribute of a profession is its accent on serving the public interest. It is unsatisfactory that, five years after the global financial crisis broke, the international Standards for internal auditing still do not articulate the correct professional conduct on making external disclosures in the public interest when internal auditors are aware of serious wrongdoing not satisfactorily addressed internally.

This paper comprises a conceptual analysis to challenge the internal audit profession.

This paper aims to analyse the implementation challenges faced by internal audit departments of public sector organisations and central banks when implementing continuous auditing (CA) systems. CA aims to monitor internal control systems and risk levels on a continuous basis to support the audit process. This study identifies the implementation challenges of CA systems and proposes adequate countermeasures.

This study employs the design science information system research and the design science research process methodologies to ensure the rigor of this analysis. These research methodologies are adopted to tackle identified organisational problems and propose solutions. This methodological approach consists in the following phases: identification of the problems and motivation; definition of the objectives of the solution; research design and development; evaluation; communication.

This study detects several implementation challenges for public sector organisations and central banks and proposes adequate solutions. This study finds that these challenges are related to organisations’ complexity, institutional rigidity, potential threats to internal auditors’ independence and the issue of considering CA system as a “real time error correction” mechanism. The solutions involve the development of a business process focussed audit approach to enable internal auditors to analyse CA indicators, and the use of CA systems to support each phase of the audit process.

This study contributes to the scant strand of literature on internal auditing in central banks. Given the exceptional demand for guidance concerning internal auditing in the public sector and in central banks, this paper provides guidelines for these organisations to implement CA systems and to tackle implementation challenges. The analysis allows internal audit departments within central banks to better support their organisations in the achievement of their important regulatory and policy objectives.

This study challenges the conventional theoretical approach of the ‘Three Lines of Defence’ Model adopted by most of the Maltese credit institutions. The authors propose a paradigm shifting conceptualised framework that would alter the corporate governance structures of banks. The objective is to test the feasibility and willingness of credit institutions to adopt such an approach.

This study challenges the current practices of the internal auditing profession and organisations and invites them to evaluate their structures whilst recognising the benefits of adopting a combined assurance function.

In order to test this hypothesis, the authors sought out semi-structured interviews with controllers (Internal Auditors, Risk Managers and Compliance Officers) within Maltese Credit Institutions, varying in size from significant, medium-sized and small institutions; personal from the Malta Financial Services Authority – The regulator, the Big four audit firms and members of the Malta Forum of Internal Auditors, and practitioners working both within and outside the financial industry.

There were two contrasting opinions regarding the suggested proposition. On the one hand, those operating within the credit institutions, as well as the regulator and the external auditors, do not believe that the proposition of integrating risk, compliance and internal audit functions (IAF) in one team would be possible; the reason being that independence, which is the cornerstone of every IAF, would be severely impacted. On the other hand, there were those practitioners working outside the banking industry but with sufficient experience and knowledge in the field, who challenged the traditional concept of independence. They argue that the functions should not be separate from each other because they have much in common.

Four themes emerged from the study: (1) challenges as a concept, (2) benefits, (3) risks and (4) condition for successful implementation. All interviewees, from risk departments, boards, external auditors and regulators agree that a strong, knowledgeable and independent IAF is fundamental to every organisation but more so within the financial industry. Nevertheless, this study revealed two schools of thought that emerged from the findings in relation to the IAF and its regulation, and specifically, when the authors presented the proposition of an integrated function.

The purpose of this paper is to analyse and comment on recent enhanced pronouncements on internal auditing.

The paper uses content analysis of five 2012-2013 sources of guidance, set out in the tables of this paper and summarised within the text, together with conceptual interpretations.

Recent pronouncements respond, with considerable consensus, to stakeholder and public concerns and fill a partial vacuum left by The Institute of Internal Auditors' Standards. Principally this is about successfully enhancing the scope of internal audit and internal audit's independence from management.

While the paper is conceptual rather than empirical, it builds on the processes followed by the parties who developed the examples of enhanced guidance reviewed in this paper. Those processes included careful development by leaders in the field, public consultation of preliminary proposals, and final amended guidance based on feedback received.

There are implications for staffing of internal audit functions and the seniority and calibre of chief audit executives.

There has been no other attempt to map these developments. It has been done with a view to identifying possible ways forward for internal auditing, especially those which have a high degree of support and which are still to be incorporated into generally accepted internal auditing.

The purpose of this paper is to examine how fire services use social media to educate the public about safety and fire prevention.

Grounded theoretical methods were employed in a rigorous qualitative analysis of five significant fire services’ Twitter accounts in Ontario, Canada.

Seven main themes emerged from the data, with an overarching conclusion that tweets made by fire service organisations and professionals do not focus primarily on fire safety.

This paper addresses a gap in the literature in terms of understanding how social media communicates information about all three lines of defence against fire, with a focus on the first two: public fire safety education, fire safety standards and enforcement and emergency response.

The authors suggest that fire services need to employ a more segmented approach to social media posts with an objective to engage and educate the public.

This paper is the first extensive qualitative analysis to consider the particulars of fire services’ social media presence.

The purpose of this study is to explore the integration of Shariah compliance in the information system of Islamic financial institutions (IFIs) in the context of Malaysia.

By applying qualitative approach in the form of in-depth/structured interview of qualified respondents within Islamic financial industries.

The result of this study indicates that information system advancement will give an increasing level of competitive advantages. Also, the result indicates that the internal control and information system played a vital role in ensuring the Shariah compliance and translating and circulating the Shariah guidelines among the IFIs’ departments and staffs. In terms of Shariah integration in information system, there is a consideration during the development of an information system. Shariah will be an element that needs to be accounted for to develop the information system for IFI.

This includes the scope of the study which is based on Malaysian Islamic banks only. Hence, future studies are recommended to extend this endeavor to other contexts as well. Furthermore, although the initial sample was covering nine IFIs, only two IFIs accepted to participate in the interview. It is suggested that the future studies involve more participants and apply different research techniques such as focus groups or questionnaire survey.

Make sure employees who are in charge of performing any function related to Shariah (i.e. Shariah review, Shariah audit, Shariah research, Shariah risk management) have a basic knowledge on information technology (IT) and information system. Continuous trainings for IFIs’ employees covering the information system and internal control system issues related to the Shariah compliance. Focus on seminars and conferences on outstanding issues related to information system technology in IFIs. Promoting programs and subjects specialized in information system technology in IFIs. IFIs should allocate a budget for system development or enhancement in the financial budget ensuring that IT system is incorporated in Shariah compliance. IFIs should consider enhancement of Shariah compliance encompass and the alignment into the IT system as continuous process, as well as one of their strategic plan aspects. Bank Negara Malaysia as a regulatory body of IFIs should emphasize on regulating the Shariah aspects with regard to the IT system.

This paper’s contributions lies in the enhancement of the development of the Shariah compliance literature, as well in the integration of Shariah compliance and information system in IFIs.

The purpose of this paper is to analyse and investigate how intensified regulatory requirements related to outsourcing have influenced and changed the outsourcing activities of German financial institutions.

The study involved interviewing 11 outsourcing experts in the German financial sector, including four of the five largest banks in Germany. In coding and analysing the collected data, this study adopted the approach of a qualitative content analysis framework.

The study found that the revised legal requirements have had a significant and potentially negative impact on the efficiency of outsourcing, leading to a necessity for German financial institutions to internally realign their outsourcing managements. The study further revealed practical realigned methods German financial institutions executed to meet the legal requirements.

The impact, meaning and relevance of legal requirements in the outsourcing environment of German financial institutions has been relatively under-researched from a qualitative perspective and focused on other primary fields of investigation like outsourcing decisions and outcomes. This study has, by adopting a qualitative approach, addressed the identified gap by providing first-hand insights and new knowledge.

In most industries, legal entities of a certain size and complexity must have a compliance function. Such requirement is either set forth by regulatory law or the governance rules of the relevant organisation. In the highly regulated credit industry, the role and responsibilities of the compliance function are more precisely defined than in other industries. This paper aims to analyse the personal accountability of senior compliance officers in a bank’s compliance function when there is a failure of proper compliance.

This paper is based on a keynote addressed at Jesus College, University of Cambridge, 7 September 2016. The author approaches the issue of senior compliance management by analysing development of international financial regulation with respect to legal requirements for compliance function. Subsequently, the author determines what constitutes senior compliance management and applies the various legal regimes to situations of compliance failures.

While the accountability of the chief compliance officer and deputy for compliance failures is not set forth in regulatory law, courts and scholars have acknowledged such personal responsibility exists resorting to principles of civil law (contracts or torts), criminal law or employment law. Approaches and questions for this legal analysis are similar in a civil law as well as in common law jurisdiction. The most relevant breach of contract of the chief compliance officer will be an omission to act (forbearance), i.e. the failure to properly organize the compliance function and/or to immediately report a compliance risk to the board.

Scholarly work in the law of compliance is still somewhat limited, thus the research also includes practitioners’ observations. The accountability of senior compliance management for compliance failures represents a growing trend in corporate governance to seek individual accountability for corporate misconduct; see, for example, US Department of Justice (DOJ) in its so-called Yates memorandum on “individual accountability for corporate wrongdoing”.

In incidents of non-compliance, banks and their compliance officers should be able to exculpate themselves if they can demonstrate proper organization of the compliance function.

The originality of this general review is to focus the analysis of accountability of senior compliance management on the credit industry and to consider latest developments in international financial regulation, such as the supervisory review and evaluation process (SREP) by the European Central Bank (ECB) in the single supervisory mechanism (SSM) or the corporate governance principles for banks by the Basel Committee on Banking Supervision (BCBS).

The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.

Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.

The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.

However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.