Speech Opening Remarks to the Institute of Internal Auditors Financial Services Forum

I am pleased to be with you this morning to open this Financial Services Forum focusing on the role of internal audit in financial services firms.

The Reserve Bank's Audit Department has a long association with the IIA and we are strong supporters of the work of the Institute.

The fact that you are holding this Forum is significant. As all of you know only too well, there have been many practices exposed in global financial institutions over the past few years that show poor risk management and failure of controls over lending and trading activities. The fact that these issues continue to surface is a clear indication that the subject matter of today's Forum remains relevant.

From my own experience at the Reserve Bank over many years, I have gained an appreciation of the important role that internal audit can play in our financial institutions. The Reserve Bank is, of course, very much a bank. We have a substantial balance sheet that requires management, we provide a range of banking services to government clients, we operate key pieces of financial infrastructure, and we rely heavily on our IT systems to deliver these services.

Over the years, we have worked to develop a detailed risk management framework to identify where the key risks lie, and set out how they are to be managed. Yet even though much work has gone into developing that framework, like any risk-management approach, it can only ever be a work in progress – and it remains under continual review. Complementing the risk framework, our internal audit program focuses its attention on the most important risks identified by management.

Like many auditors today, our Audit Department takes a broad view of their responsibilities, reviewing not only the effectiveness of controls but also whether they are the most efficient way to achieve an end. I know that they are conscious that procedures they may have recommended some years ago may no longer be appropriate, given the changes in technology. And of course technology continues to challenge both our systems operators and our auditors, as the threats to the security of our data and communications increase.

Audit Department's work is overseen by the Board's Audit Committee, which has among its members two of the Bank's independent directors, one of whom (Jillian Broadbent) is chair, and which also brings external expertise to bear on assessing the overall audit work of the Bank. This is a key part of the governance structure.

Of course, these arrangements are not unique in any way. They are designed both to meet requirements for Commonwealth authorities and also to be in line with good practice at commercial entities. They do, however, give us at the Reserve Bank an insight into some of the practical challenges facing other financial organisations.

Of particular importance to this audience, we also recognise the challenges involved with appointing, training and keeping an audit staff capable of assessing whether the controls are working as they should. Our audit team has continually to improve its understanding of the breadth and depth of our business and changes to it. To help us maintain best practice, our auditors need to ensure that their technical skills remain up to speed. The IIA's training and certification processes play an important role in assisting this process.

Fostering improvements to the practice of identifying and managing risks, and to the audit processes that are an integral part of that, are central to development of policies aimed at fostering greater financial stability, both in Australia and internationally. The financial stresses of the past few years have placed much greater emphasis on this aspect of our policy work in the Reserve Bank. There are few signs that the additional focus is going to lessen any time soon. If anything, it will increase.

Domestically, we have worked closely with the other members of the Council of Financial Regulators on a number of initiatives including the Financial Claims Scheme, the structure of financial market regulation and the role of central counterparties in the settlement of securities and derivatives transactions.

Internationally, through our membership of the Financial Stability Board, the Basel Committee on Banking Supervision and the G-20, along with colleagues in APRA and the Treasury, we have been involved in efforts to strengthen the international financial architecture, the rules governing the risks to which financial institutions are exposed and the buffers they are obliged to maintain in case things go wrong.

The implications of these initiatives on the way in which financial institutions are managed are potentially far reaching. They are also important for internal auditors, in two respects. First, they are designed to make the institutions you are working for more resilient in the face of a wide range of pressures. If the changes are made effectively, they should help you sleep a little better at night. But second, many of the changes are complex and challenging, requiring important shifts in the way institutions operate, with even more emphasis on controls focused on risk than in the past. There is clearly a need for internal auditors to keep well abreast of these developments in financial institutions so that you can play the role expected of you in contributing to good corporate governance and, thus, to improved prospects for financial stability.

Australia's corporations and governments, not to mention savers and investors, rely heavily on your work and it is crucial that it is done well. Today's agenda suggests that you should finish the day even better equipped to meet this challenge. I wish you a successful day.