The current crisis is posing difficult challenges to the Banking System, which is requested to rapidly adapt and cope with fast-moving regulations and market developments.
A Banking Group risk profile can potentially be impacted on a wide range of drivers: business, regulatory, country, credit, liquidity and financial risk, operational/continuity (among which IT and cybersecurity, physical safety), fraud risk, and reputational risk.
The purpose of this thought paper is to define what role should be played by Internal Audit (IA) in the current situation to meet the expectations of its stakeholders, including Board members, Top Management, and Regulators, as a third-line independent function and how this role must be carried out.
We would like to thank all the people involved in this thought paper, in particular, Claudio Testa, CAE at Intesa Sanpaolo, and the Executive Directors at ISP Audit Department at Intesa Sanpaolo: Paolo Nasi, Mauro Zanni, and Tortelotti Stefano. We would also like to thank the ECIIA Banking Committee members for reviewing this publication.