The primary objective of Group-wide Internal Audit (‘GwIA’) is ‘to assist the Board, Group Executive Committee, Group Audit Committee (GAC) and Group Risk Committee (GRC) in protecting the assets, reputation and sustainability of the organisation through the assessment and reporting of the overall effectiveness of risk management, control and governance processes across the Group; and by appropriately challenging Executive Management to improve the effectiveness of those processes.’
GwIA activity is not restricted in scope in any way and is empowered by the GAC to audit all parts of the Prudential Group and will have full access to any of the organisation’s records, physical properties and personnel. All employees are requested to assist GwIA in fulfilling its roles and responsibilities.
The GwIA Director (GwIAD) is accountable to the GAC through a functional reporting line to the Chair of the Committee. The GwIAD will periodically assess, and report to the GAC, on the continued adequacy of the function's mandate, authority and responsibility in order to enable it to accomplish its objectives.
GwIA Leadership Team
It is the responsibility of the GwIAD to deliver the GwIA Mandate. In this regard the GwIAD is supported by an organisational structure that includes a Leadership Team which comprises the appointed Audit Directors and other senior members of GwIA. The members of the Leadership Team are appointed by the GwIAD.
The GwIA Leadership Team is responsible for all formal functional reporting requirements to the GAC and the Business Unit (BU) Audit Committees. The primary role of the Quality Assurance Director (QAD) is to monitor and evaluate adherence to GwIA standards and audit methodology.
4. Scope and Responsibility
The work of GwIA complements the wider Enterprise Risk Management framework of the Prudential Group in that it operates as a 'third-line of defence' in the provision of independent and objective internal control assurance. The assessment of the adequacy and effectiveness of the Risk Management, Compliance and Finance functions is within the scope of GwIA and as such GwIA is independent of these functions and is neither responsible for, nor part of, them.
The scope of GwIA activities encompass the examination and evaluation of the adequacy and effectiveness of the Prudential Group’s system of internal control and the quality of performance in carrying out assigned responsibilities within the context of protecting the assets, reputation and sustainability of the organisation. The scope includes:
- Performance of an independent assessment of risk and the design and operational effectiveness of controls implemented to mitigate the risks identified and an assessment of whether risk appetite has been established, embedded within the activities, limits and reporting of the Group, and reviewed through the active involvement of the Board and Executive Management.
- An assessment of whether the information presented to the Board and Executive Management for strategic and operational decision making fairly represents the benefits, risks and assumptions associated with the strategy and corresponding business model.
- An assessment of the management of the Group’s capital and liquidity risks.
- Key corporate events such as the introduction of new products and services, outsourcing decisions and acquisitions/divestments to determine whether key risks are being adequately addressed and reported.
- An assessment of the risk and control culture of the Group.
- An evaluation as to whether the design and control of products, services and supporting processes deliver appropriate customer outcomes.
- An evaluation of the design and operating effectiveness of the Group’s internal governance, policies and processes, and that they are in line with the objectives, risk appetite and values of the Group.
- Making objective and appropriate recommendations to improve the Group’s control environment and assist the business achieve their strategies.
- Reporting significant matters arising to GAC and GRC.
- Providing assurance that issues raised are addressed and resolved to mitigate the risks reported on a timely basis.
All GwIA engagements will be conducted with proficiency and due professional care.
Internal Audit Plan
The GwIAD will submit an annual audit plan to the GAC for review and approval. Individual BU audit plans will also be agreed with the relevant BU Audit Committee. The annual audit plan will be based on prioritisation of the identified 'audit universe' using an ‘Audit Needs’ risk-based methodology, incorporating input from GHO and BU stakeholders and subject to ongoing review.
5. Independence and Objectivity
GwIA is committed to maintaining its independence and objectivity in the discharge of its responsibilities, and appropriate reporting lines are in place to support this goal:
- The GwIAD reports all audit related matters to the GAC and communicates directly with the GAC through attendance at its meetings, as well as attending those of each BU Audit Committee. For administrative purposes (excluding strictly all audit related matters) the GwIAD is a direct report of the Group Chief Executive Officer (CEO). The GwIAD will also have direct access to the Chairman of the Board.
- The GwIAD in consultation with the Group CEO is empowered to attend and observe all or part of Group Executive Committee (GEC) meetings and any other key management decision making as appropriate.
- Audit Directors report to the GwIAD as functional head, while recognising local legislation or regulation as appropriate. This includes the responsibility for setting budgets and remuneration, conducting appraisals and reviewing the audit plan. The GwIAD will consider the independence, objectivity and tenure of the Audit Directors when performing their appraisals.
- GwIA staff are expected to exhibit the highest level of professional objectivity in carrying out their duties, must make a balanced assessment of all relevant circumstances, remain impartial and seek to avoid any professional or personal conflict of interest. From time to time GwIA may be requested to provide consultancy services to a business area. Where such services entail significant involvement with the business or result in the business instigating major changes to its processes or activities, the GwIA staff involved will only provide assurance services to that area where there is no perceived or actual conflict of interest, in accordance with the GwIA Conflict of Interest Policy.
6. Relationships with Other Assurance Functions
GwIA will consider the work of other assurance functions within the Prudential Group (Risk, Compliance, etc.) as well as requirements from external bodies such as the external auditors and the Group’s regulators when determining the level of Internal Audit activity in any business area.
Through the exercise of informed judgement, the GwIAD and Audit Directors are responsible for determining how much reliance can be placed on the work of other assurance functions following a thorough evaluation of the effectiveness of that function in relation to the area under review.
GwIA will establish and maintain a close and continuous relationship with the Group’s regulatory authorities. In addition, GwIA will work closely with the external auditors and, where possible, align annual plans to ensure maximum reliance can be placed on the work of GwIA.
7. Reporting and Monitoring
In most instances a written and graded report will be prepared and issued following the conclusion of each assurance engagement and will be distributed as appropriate. The GwIAD may authorise the issue of a non-opinion bearing report. Details of key audit results and any exceptions identified are reported to the GEC, GAC, BU Audit Committees and GRC.
GwIA will provide GAC, at least annually, an assessment, based on the audit work performed, of the overall effectiveness of the governance, and risk and control framework of the organisation, together with an analysis of themes and trends emerging from Internal Audit work and their impact on the organisation’s risk profile.
Through a standardised issues assurance process, GwIA will be responsible for monitoring and reporting the status of open audit findings to GAC and verifying the risks originally identified in audits have been appropriately addressed by management.
8. Standards of Audit Practice
The GwIA function will adhere to the Institute of Internal Auditors (IIA) requirements as set out in the IIA's 'Code of Ethics' and 'International Standards for the Professional Practice of Internal Auditing', and the Chartered Institute of Internal Auditor’s (CIIA) revised guidance, ‘Effective Internal Audit in the Financial Services Sector’ (CIIA Code). GwIA will conduct itself in accordance with standards, policies and practices as set out in the GwIA Procedures Manual, and will carry out its audit work in accordance with the GwIA Methodology.
The GwIAD will ensure that the audit team has the skills and experience commensurate with the risks of the organisation. Where appropriate, independent internal or external technical specialists will be engaged to supplement the core team, and quality assurance and improvement practices.
9. GwIA Performance Indicators
The GAC will assess the effectiveness and performance of GwIA using several performance measures / indicators, including an objective independent assessment of the effectiveness of the function, to ensure that the function maintains conformance with all relevant IA standards of audit practice, is adequately resourced, free from constraint and has the appropriate standing within the Group.
Reviewed and approved by the Group Audit Committee on 2 November 2016.