Professional Documents
Culture Documents
2 Internal control system and internal audit function for IORPs towerswatson.com
•• (On the grounds of proportionality) conduct EIOPA states that the ‘professional competence
this by means of discussion by the IORP’s of [the auditor] is essential’ and ‘strongly
governing board, at least annually, and recommends’ that IORPs be able to outsource this
specifically referenced in the minutes. function ‘regardless of…size’.
It appears that EIOPA will expect larger and more EIOPA does not specify what the alternative
complex IORPs to have a designated function measures might be, but recommends that
separate from the governing board. Whoever supervisors should have the power to review them.
is fulfilling the function – whether internally or EIOPA also hints that special provisions might
externally – would advise the board ‘on compliance apply where cross-border activity occurs.
with the laws, regulations and administration
As with the internal controls system
provisions’. Moreover, the compliance function
recommendations, EIOPA sees no fundamental
would have a duty to whistle-blow to supervisors
difference between defined benefit and defined
in the event that the IORP’s board fails to
contribution IORPs in the requirement for an
‘take appropriate and timely remedial action’ to
independent auditor – albeit ‘it is inevitable
redress any shortcoming.
that the implementation of [the] function
EIOPA highlights the importance of the compliance will be different’. The differing requirements
function in ensuring compliance with the social and might be developed further in Level 2
labour law of ‘host States’ in cases of cross-border implementing measures.
activity. It also alludes to requiring cross-border
Again as is the case for internal control
plans to have a separate compliance function,
systems, the auditor should report to the
irrespective of whether ‘proportionality’ arguments
IORP’s management board, but underpinned
might otherwise militate in favour of this function
with whistle-blowing provisions and the power for
being carried out by the governing board, as set
supervisors to obtain reports from the auditor.
out above.
Internal audit What does it all mean?
Despite the absence of any specific provision
For many IORPs it would appear that there will be
in the existing IORP Directive, the 2010 CEIOPS
little that is likely to change in regard to existing
report on management oversight and internal
internal control systems. For larger, more complex
controls 1 revealed that the supervisory regime
IORPs and those carrying out cross-border activity,
within 15 of 22 responding countries already
it is likely that a formal, independent compliance
provided for an internal audit function. EIOPA
function will be created (whether in-house or
recommends such a function be introduced in
outsourced) – with a formal advisory role to the
the revised IORP Directive – harmonising both the
IORP’s governing board and explicit whistle-blowing
treatment of IORPs across the different countries
duties to supervisors.
of Europe and the treatment of IORPs with that
of insurers. For many countries it would also appear that
the introduction of an internal audit function
As noted above in relation to internal control
will represent no change from the present.
systems, research showed that many IORPs
Whether the detail of the proposals, particularly
outsource one or more critical or important
the Level 2 implementing measures, necessitates
functions. EIOPA’s advice is that such outsourcing
change remains to be seen. For other countries,
should fall under the scope of the internal audit.
however, an internal audit function will be a new role
This should, in turn, check whether the third party
and likely to lead to an increase in costs.
has a ‘well-adapted and effective internal audit
system’ and if not, the IORP should ‘monitor Further information
[the third party’s] activities and urge [them] to
take the appropriate measures…to comply with For further information, please contact your
the… internal audit [principle]’. Outsourcing does Towers Watson consultant, or
not diminish the IORP’s responsibility.
Dave Roberts
As with internal control systems, IORPs should be +44 20 7227 2008
left to determine how they carry out the internal dave.roberts@towerswatson.com
audit function – including being able to:
•• Appoint a named individual. However, in contrast Mark Dowsey
with the ‘compliance function’ within the internal +44 1737 274535
control system, EIOPA states that ‘the internal mark.dowsey@towerswatson.com
auditor must be independent and…cannot be
involved with the management of the IORP’. Paul Kelly
•• Outsource that function to a third party. +44 20 7170 2544
•• (On the grounds of proportionality) implement paul.kelly@towerswatson.com
alternative measures meeting the general
objectives of an internal audit function.
towerswatson.com Internal control system and internal audit function for IORPs 3
About Towers Watson
Towers Watson is a leading global professional services
company that helps organisations improve performance
through effective people, risk and financial management.
With 14,000 associates around the world, we offer solutions
in the areas of benefits, talent management, rewards, and
risk and capital management.
towerswatson.com