Funds Transfer Pricing and the Quest for Term Funding: Working Towards New Solutions

Funds Transfer Pricing (FTP) is emerging as not just a nice to have, helpful tool in managing a financial services business, but in some cases has become a regulatory necessity. FTP, also called Collateral Transfer Pricing in some firms, is the exercise of allocating the cost of liquidity between business units at the same firm. It is no longer enough to have a friendly handshake about cost allocation, especially when one desk is providing liquidity and another is a high-octane consumer.

The new requirement is that a robust model be in place that can show all internal participants as well as regulators how costs are allocated and absorbed. While FTP started with capital market activities, the next evolutionary step is in expanding the concept to include money markets, repo trading and securities lending activities. FTP is a reflection of the fact that term liquidity has become a finite and scarce resource that is not easy to manufacture for capital markets.

A Brief History of the Problem
Before the financial crisis, neither FTP nor collateral optimization played much of a role in financial institutions. The traditional model was that Treasury or an Asset/Liability Management department would match up both sides of the balance sheet. The Treasury team would link illiquid loans on the one hand and retail funding plus an equity component on the other hand, making trades to balance the difference and consider the matter closed. There was often no explicit cost of liquidity or collateral consumption to any trading desk, and certainly trading desks were not paid if they were net contributors to the overall collateral pool.

The traditional Treasury did not really understand the capital markets concept that can easily separate legal and economic liquidity mismatches, both on the asset as well as on the liability side of the balance sheet. This is in a way remarkable as exactly this mismatch is considered to be the Achilles heel of any deposit based banking system. But Treasury managers were not looking beyond banking deposits.

To illustrate the nature of the problem, we take an example of how capital markets assets were measured at the time. While the purchase of an asset causes a €100 million outflow and produces a legal mismatch of, say, five years, it does not show up with this mismatch on the liquidity radar screen of a treasury department (see Exhibit 1). The reason for this is that assets could be funded any day in the repo market, exchanged in the securities lending markets, or sold without a great loss under the assumption that there is ample liquidity and value at risk is relatively small.

Exhibit 1:
The pre-crisis view on capital market assets

Source: DekaBank

As a consequence, the outflow is 100% neutralized with a cash inflow and the mismatch disappears. The asset is now self-funded. Correspondingly, with no mismatch on the radar screen of the treasury and no long term funding impulse, there was a fair argument that a trader should only pay the repo rate as FTP or pay no more than EONIA / EURIBOR flat or equivalent based funding. This was all fine with high quality assets in very liquid markets, but might have gotten more complicated with less liquid securities. In essence the underlying assumptions were ultra-liquid assets, in ultra-liquid markets where neither market, nor funding, nor macroeconomic liquidity risk existed.

Moving closer to today, a laundry list of factors has emphasized the importance of FTP and collateral optimization and the technologies that accompany them. The factors we include are: recent regulations; balance sheet deleveraging; the increasing role of central clearing and CCPs; regulatory and central bank demands for transparency; internal auditors; and even internal trading desks when confronted with their funding costs. These have all increased pressure on Money Market, Treasury, repo, securities lending and collateral management departments to improve transparency on pricing and bring more rigour to their allocation methodologies.

Part of the new pricing paradigm are haircuts. While most people only had a limited understanding of haircut calculation before 2007 / 2008, today we find all kind of haircuts: central bank haircuts, LCR or NSFR haircuts, large exposure risk haircuts, VaR and gap risk haircuts, FSB haircuts, stressed and going concern haircuts, etc. Haircut calculations have become an art in itself and are an important driver of FTP or collateral optimization as they are used to inject longer term funding impulses into security positions, repo or securities lending and even structured or derivatives transactions.

Taking the same example from above, this trade is not only not self-funding, but it generates a strongly negative funding position (see Exhibit 2). Less liquid credit assets like NIG rated ABS, CLO’s, CDO’s or third tier equity, etc. now have a much more limited funding value. In this example they attract a 50% haircut. And what is more, this haircut gives rise to a €50 million negative liquidity mismatch, which shows up on the mismatch radar screen of the treasury and creates a long term funding impulse. With the cost of funds at 50%, a five year Asset/Liability Management curve and only 50% EONIA/market-based funding, it is obvious that the cost of liquidity has increased significantly for the holder of such a position. Accordingly, the trading position or instrument is not self-funding any longer.

Exhibit 2:
The post-crisis view on capital market assets

Source: DekaBank

Now, this would probably not be such a big issue if we had long term repo- or long term securities lending markets that would be able to manufacture term funding liquidity at reasonable cost. But currently, more than 80% of the securities lending and the repo markets are less than one month duration and offer no means to close negative funding mismatches in later time buckets.

As a consequence, haircuts have partially eroded the market and asset based funding system. Capital markets activities are now a term funding drag for the bank and are in competition for term liquidity with both, internal and external actors. Investment bankers are back to the negotiation table with the treasury department. In order to keep these negotiations from getting too unwieldy, a fair and transparent FTP methodology has to be implemented.

The Practice of Funds Transfer Pricing
FTP is the practice of allocating funding costs fairly across all parties. It is at heart a governance matter, ensuring that liquidity givers and takers are each compensated for their actions. As a governance process, FTP has four parts:

Liquidity Management
o Transparent liquidity reporting
o Make mismatches transparent
o Improve liquidity planning
o Ensure compliance with regulatory liquidity ratios
o Allocate cost of liquidity
buffers
P&L Management
o Determine P&L after Funding Cost
o Manage Funding Cost at Desk / Unit Level
o Determine Fair price for firm Liquidity
Balance Sheet Management
o Ensure efficient balance sheet utilization
o Help determine cost of balance sheet utilization
Pricing
o Determine fair transfer pricing between liquidity providers and liquidity users
o Determine correct LVAs for derivatives
o Ensure transparent liquidity prices

The hardest piece of FTP is actually figuring out how the pricing methodology occurs. Some firms have turned to market-based funding rates (repo and securities lending) while others use a haircut methodology. Some firms use a combination including taking haircuts from multiple internal and external sources. A 2014 white paper by SunGard, Finadium and InteDelta described a methodology for finding the fair value of an asset for FTP. With this collection of methodologies, it would come as no surprise that the FTP values across security types are a complex function of haircuts, funding and market liquidity and regulatory requirements (see Exhibit 3).

Exhibit 3:
A practical outcome of FTP for securities

Source: DekaBank

The exhibit shows an example for a level 2B security and a non-HQLA security. FTP decomposes any security position into different buckets of varying liquidity. The ultra-liquid parts may still be self-funded and attract a short term repo rate. The less liquid parts of a security position attract a higher portion of term money and thus higher costs of funding. In the below example, the Level 2B security attracts 50% funding at the one month bucket. The LCR haircut attracts funding at the three-month (internal or benchmark) rate, reflecting the fact that in order to neutralize the LCR impact you need longer term funding than just one-month. Eventually, there is also a longer term component (in this example illustrated by the ECB haircut), which attracts a one year funding impulse.

As can be seen in the exhibit, the non-HQLA asset attracts even 90% 3- months funding. The respective funding rates for the one, three or 12 months buckets may depend on the mix of funding instruments and access to funding markets for a certain institution (e.g. money market / deposit based funding, access to repo, CP, securities lending markets and other factors). It may be based on benchmarks like EONIA, EURIBOR or a mix of all the above. The methodology as outlined is relatively robust. As regulators inject even more long term funding impulses, e.g. through the NSFR, the methodology can be easily adopted.

Once you have proper funds transfer pricing for different collaterals as outlined, it is easy to construct FTP for repos by just adding or subtracting the term cash legs to the collateral leg. FTP for securities lending can be derived by adding / subtracting the FTP for the two collateral legs, or if that is easier and more direct by adding a repo and a reverse repo. As a consequence, you will have covered short term products in a straightforward, simple and transparent methodology that is both robust and flexible with regard to new requirements.

Regulators have made term liquidity both an essential as well as a finite resource of capital markets activities, despite the cash overhang created by QE in different parts of the world. This happened through simple measures like the de facto introduction of haircuts through of the LCR, NSFR, or by making it more difficult for beneficial owners to lend on term. As a consequence, costs of funds went up and financial institutions had to deleverage their balance sheet.

The Quest for Term Funding
The question is whether capital markets can create new sources of term funding to mitigate these effects. Repo CCPs may be a good starting point, however, with the exception of ultra-liquid government securities, which are self-funded anyway, term markets have not really developed there. Also, establishing term markets on a CCP is not a straightforward task. CCPs can change the collateral composition and counterparty risk requirements pretty much overnight, thereby invalidating the term nature of any transactions immediately. We are now discussing LCR baskets, but this is just an exchange of HQLA vs cash and will not do anything to generate term liquidity. Hence, what is good for systemic risk may be counterproductive for the development of secured term repo / securities lending markets. Bi-lateral transactions do work of course, but are not as balance sheet or capital effective as CCP transactions. That said, there have been some new ideas with regard to constant maturity type transactions recently. Eventually, term funding may be forthcoming from the shadow banking sector, but would this be in the interest of regulators and central banks?

Final Thoughts
Regulators as well as central bankers need to understand that by manipulating funding relevant haircuts (for instance by introduction of regulatory ratios like the LCR and NSFR), they can increase or decrease capital markets activity, respectively funding and market liquidity. Haircuts and market based funding levels are different sides of the same coin determining the internal and external cost of funds. Haircuts that are too high will exert funding pressures despite QE and prohibit market liquidity. Haircuts that are too low may lead institutions to leverage up their activities too much and add to too much credit sensitive assets to their trading books and balance sheets. Here, regulators and central bankers have some fine tuning to do.

Against this backdrop, FTP has become a requirement for any bank and capital markets division today. It is vital to have a fair and transparent methodology that allocates costs amongst liquidity givers and takers, thereby allowing institutions to price transactions according to their internal and external costs of funds. And here, banks have some optimization to do in steering and managing the supply of term liquidity that central bankers and regulators have allowed into the markets.

---

Michael Cyrus
Head Short Term Products, Equity Finance & FX
Deka Investment – Germany

who will deliver a Presentation at our 5th Annual Collateral Management Forum. If you would like to receive more information please Request the Conference Agenda.

Panama papers: again, another reminder

The Panama Papers bring out several issues related to vulnerabilities of controls from countries and companies. We have heard about them…tax havens… offshore companies, banking secrecy, money laundering, political exposed persons… but what are they? How are they related to each other?

To start explaining, it is important to add another role as important as it is Internal Audit within the companies: the Compliance Officer. Where does it come from? What are their responsibilities?

After the most important financial scandals that took place in 2002 such as Enron and WorldCom the authority decided to tighten the nuts and the regulation changed. New rules were placed for public companies such as the prohibition of not being an auditor and consultant for the same company, disclosures if a company is dealing with a fraud, rotation of audit partners (5 years top), creation of the Audit Committee and how to protect whistleblowers among other things. And a new role emerges from this: the Compliance area.

Compliance as its name says it has the duty to comply with the law (externally) and with the policies and procedures (internally). Its difference with Internal Audit is to prevent rather than detect. As we all know either an external or internal Auditor determines a scope based on the nature of its revision in order to analyze what is being doing vs. what it should be. (For more information refer to the article, Value: Internal Audit) The bottom line: an auditor analyzes something that already has happened (after). Meanwhile compliance should be involved before taking a decision. (I.e. a contract, hire key staff, new provider, etc.)

Compliance should be in charge of manage the money laundering risk, which is defined as to give legality to money that comes from illicit activities. Those illicit activities are several among: traffic of drugs, human organs and humans. Prostitution, forgery, pornography, bribes, etc. The term “illicit” depends upon the legal framework of each country. The criminal will look for “paradises to launder money”…those countries or companies which can help him to launder lots of money at a low cost in a very quick time.

A tax haven is defined as a territory where taxes are levied at a low rate or has a system of banking secrecy. This means that banks are not allowed to give to the authorities the information of their clients… the real owner… is a “top secret” and it has to be kept as that, unless there is a criminal complaint. Offshore companies (legal entity), refer to be incorporated or register on tax havens.

Therefore, for its characteristics tax havens are used by some people for purposes of confidentiality…others for launder money and others to pay less tax or hide money from the IRS. The latest two mean a crime: tax evasion.

But tax evasion differs from money laundering. Although both are crimes they have specific characteristics. Therefore, depending on the circumstances, someone can be accused of both or just one.

Then there is another key concept: political exposed person…“PEP”. It is defined as someone who is or has been entrusted with a prominent function. Historically PEPs have shown us that tend to be corrupt. Taking bribes is illicit money; dirty money. It has to be laundered. Someone who is corrupt does not want to be known as such, so the money has to be seen as “clean”… as legal.

One of the key elements to deter and prevent money laundering is to know your customer (“KYC”) and apply customer due diligence. (“CDD”) Countries, authorities and companies need to know who the real owner is, as well as who controls. Criminals use among many methods:  shell companies, front man or identity theft to disguise its identity; therefore verify who really is the owner, it is an extremely important control.

Although there is still an investigation carried out in Panama, it reminds us (again) the importance of internal control that companies should have and countries should promote. How many factors have in common with the Enron case?

-Worldwide there are flaws in the laws that generate legal technicalities that help criminals or there are still issues to be regulated. In Enron case energy wasn't regulated. Today it is the offshore industry.

-In both cases there were rumors of corruption.

-Lack of transparency: Enron didn’t present a Balance Sheet meanwhile in Panama due to bank secrecy information is not provided.

-Enron used “mark to market” for accounting valuation and afterwards a “hypothetical future value” among the creation of several companies to disguise the fraud and real owner. (It included a trust). Today in Panama it is reported a number of companies created by complex structures, also.

-Statements from both executives of companies were: “we didn't do anything wrong”. The rationalization is the same.

Regardless of the mentioned above and the importance of controls and managing risks there is something more transcendent: values. Why do people even knowing that something is wrong, they do it?

And the history…again is repeated…with so much similarities…

By Mónica Ramírez Chimal, México

Partner of her own consultancy Firm, Asserto RSC:  www.TheAssertoRSC.com

Author of the books, “Don´t let them wash, Nor dry!” and “Make life yours!” published in Spanish and English. She has written several articles about risks, data protection, virtual currencies, money laundering. Monica is international lecturer and instructor and has been Internal Audit and Compliance Director for an international company.

Who should manage fraud?

Call the Internal Auditor, immediately!

Is this the lucky day for the Auditor? 

Everybody is looking for someone in the Internal Audit department. But it is not for thanking or acknowledge their work it is because someone has robbed the company!

The headless chicken syndrome starts: have you seen when a chicken head is cut off and how the body starts running? Well, companies act the same way: everybody runs… meeting emergency requests… everybody is confused on what to do, but everybody gives their point of view… Bottom line: who should be responsible for managing the fraud? Is Internal Audit responsibility?

No. The majority of the companies misunderstand the responsibility of fraud. Yes, Internal Audit should be able to detect fraud depending upon its work and scope. But it is a shared responsibility between: Internal Audit, Compliance and members of their respective Committees, Legal, Human Resources and the CEO. This is the “basic” members that should manage fraud or get together when it happens but…

Depending upon the company structure and size it could also be added Security. It also could be added some Directors (Executive Management) but this depends on who the possible fraudster is. Obviously if the CEO or any other Executive is involved, it should not be included in the fraud investigation meetings. This also applies to any other area in the “basic” group.

Here are tips worldwide to improve prevention and detection of fraud:

a) It is great that companies have a hot-line but, who monitors? The company has three options: either internally, externally or a mix of it. If it is internally it is important to assign it either to Internal Audit (IA) and/or Compliance. Some companies give access to other areas such as Legal or Human Resources. Do not do that. Remember that due its nature, Internal Audit and Compliance have the qualifications to do it (independent, objective and access to Committees if needed). If it is externally monitor, determine together with the provider: the escalation system and criteria to report it as urgent or normal. Both externally or a mix, the company’s contact should be Internal Audit and/or Compliance. You do not want indiscretion or gossip on the aisles.

b) Ok, you have brave people who reports, is the company going to protect them? If people have the courage to report then the company should be prepared to protect them, performed investigations and improve internal controls so that experience does not repeat. In other words, make something! Impunity happens and lasts because people don’t see a change, don´t see the company really cares. If you are thinking that everything is ok because in your company you run or work for, there are no reports...sorry to let you know: you are wrong. Your company is one more of the statistics: people do not talk because they are afraid, because they think nothing will happen, because they do not want to lose their job. Result: SILENCE…

c) Avoid ego. How many times have you heard Human Resources started an internal investigation because they know of some violation to the Code of Conduct? Areas encroached between each other’s responsibilities. Neither Human Resources, Operations, Legal, Finance, etc. nor any other area should start an internal investigation by themselves. Even IA or Compliance should report it to their Committees and/or CEO. Surprisingly when there is a fraud case everybody wants to participate, investigate and come up with the fraudster. Leave ego aside and define clearly roles and responsibilities.

d) Rely on experts. Regardless the company is going to imprison the fraudster it should be aware to involve legal and labor lawyers. Many of the companies thinks that an investigation should be made in-house…this is true at a certain point: IA and/or Compliance can investigate using documents, data, camera recordings, files, inventories, etc. But when the moment comes to interrogate the possible fraudster they need to have advice from experts. Here come the attorneys who can help you on how to manage the situation. For example: in Mexico if you interrogate someone in a closed room the person could sue for unlawful deprivation of liberty. If the criminals get advice, why not you? You don't want to be sued and loose the case because of “a technicality” or ignorance.

e) Develop an anti-fraud program and a fraud checkup. This should be the framework on what to do, how to do it, who is responsible of what, investigations, etc. And the latest to monitor how vulnerable the company is towards this risk.

f) Keep a record on red flags: how many have been a trigger for investigations? How many have been repeated? Which have been the repeated areas? (For example: operations, legal, accounting, etc.) Is it the same job position? Make an inventory of these, which will help you to improve your internal controls and detect possible frauds more easily.

g) Correct what has to be improved! Do not copy what other companies do: their response to the fraud is to dismiss the fraudster. Really? "Everything remains the same” thinking hiring another person will solve the situation but the internal control weakness prevails and then the story is repeated…

Lastly but not least: train all employees. Emphasize the code of conduct and ethics and encompass all types of fraud; do not refer only to stealing assets, for example. They are your eyes and ears where you can’t be. Make them aware of unacceptable behavior, encourage them to speak up and demonstrate that the company takes it seriously. At the end it is everybody’s business: if the company suffers a fraud, it has a consequence. We have seen so many fraud cases that lead companies to bankruptcy. Nobody wants to lose its job because of that…

By Mónica Ramírez Chimal, México

Partner of her own consultancy Firm, Asserto RSC:  www.TheAssertoRSC.com

Author of the books, “Don´t let them wash, Nor dry!” and “Make life yours!” published in Spanish and English. She has written several articles about risks, data protection, virtual currencies, money laundering. Monica is international lecturer and instructor and has been Internal Audit and Compliance Director for an international company.

Foundations for work: how to get the information

Either if you are an Internal or External Auditor, or Compliance Officer you certainly know the importance of obtaining the information. Most of our work relies on information from other areas or clients. So, what to do?

1.       Let´s start with the basic: what do you want to know? What do you need to obtain? To whom are you going to speak? Avoid being unprepared. Take as much information of the company, area and person who will you interview. This will help you for the location, dress code, organizing your ideas and asking the correct questions. Write down your questions, comments, doubts; make a list. After that, sort them from generic to specific so the interview will make sense and issues may not repeated. Then…

2.       Schedule the meeting with the sufficient time and clarify its purpose. For example, if you think it will take 30 minutes, make it an hour. It is best to have time rather that do not have it or that you seem in a rush to leave. If you are going to have more meetings, are those going to be in the same place or do you have to move? Keep in mind traffic. Also, in advance allow people to know what the reason for the meeting is. This will help people to know what you will be talking about, rather than wondering the reason.

3.       Arrive on time. “Being unpunctual is not lack of time, is lack of respect”. Everybody is busy, everybody has something to do; so respect others people time. If the meeting is schedule for 10 a.m. at least arrive 15 minutes earlier or better 30 minutes. You never know what you may deal with…like an incorrect address, building, floor, etc. Those unexpected events could make you lose time on moving and arrive late. Be cautious.

4.       In the meeting:

a.       When you greet make a firm shake hands, maintaining eye contact with the person. (Of course if it is used -depending upon culture- otherwise just say “good morning or afternoon, etc.”) Avoid a distant look; this can be taken as insecurity. You want the interviewee to see you as an equal, as someone to rely on. Be careful with body language! The way you sit, your facial expressions, tone of voice, is more important than what you think.

b.      In Mexico and Latin America it is common to use a formal language as being politeness. Address to them as: “Mr. …Mrs. … or Miss” this demonstrates your maximum respect. You will change to talk informally only if the interviewee asks. Otherwise keep it formal.

c.       Start asking your questions from the generic to the detail. Apply what has been said in #1; for example "Mr. X, could you tell me what your staff does?" (generic) As the conversation moves on: "Mr. X, who authorizes the expenses?" (detail)  Do not interrupt, do not assume, maintain eye contact and above all either switch off your mobile or put it in silent tone. Avoid distractions. What you want is that the person in front of you feels unique, important and relaxed. And you are focused on every word rather than dealing with the mobile.

d.      Take notes. Do not rely on that later you will remember. There is so much information that it is really important to take notes. In this way, you help your brain to emphasize the facts and yourself to remember afterwards what has been said. It is an art to take notes and keep eye contact, but it can be done! It is equilibrium.

e.      Corroborate what you have understood. For example: "Mr. X, according to what you told me, I understand you are the only person who authorizes all the Directors expenses, right?" When you use the word “right” you are expecting a closed answer such as “correct” or “incorrect”. This is a good practice to make sure you have understood correctly what has been discussed or clarify in case there is doubt.

f.        As a closure, explain what the next steps are or what you will do. Do you need more information, interviews? Does the interviewee undertake to get information? Do you need its approval for the meeting summary? Remember people like to be informed. Explaining what will happen next will help you in case you need support for other interviews, to get more information. In addition: clarify that the information you are asking is not limited or that “it is all you need for the moment”. Avoid saying "this is all the information needed" because in case you need more, people won’t be so open to give it you.

g.       Ask how it would be more comfortable to be contacted or what the interviewee prefers. Is it by email, a call or face to face? This will help you to avoid being a nuisance.

Extra: in case there are questions from the interviewee and you don't know the answer, be honest. For example: "Mr. X, I do not know that, but I will check it". But make sure you check it and come back to that person ASAP. This is an attention and people like that.

Finally: keep in mind you are dealing with a human being. So, it is very convenient to put that person in a comfort zone, because when people are comfortable they tend to be open! 

Your task is to know the process, area, or how something functions…to obtain either information or documentation so be focused on that. Be correctly polite but not misleading.

How do you behave with your friends? Replicate that. Remember persons want to feel unique, important. Handle people with clear communication, with honesty and attention is a key for anybody to get the information needed.

By Mónica Ramírez Chimal, México

Partner of her own consultancy Firm, Asserto RSC:  www.TheAssertoRSC.com

Author of the books, “Don´t let them wash, Nor dry!” and “Make life yours!” published in Spanish and English. She has written several articles about risks, data protection, virtual currencies, money laundering. Monica is international lecturer and instructor and has been Internal Audit and Compliance Director for an international company.

Value: Internal Audit

In order to start talking about issues that are related to Internal Audit (IA), we have to clarify which is the role of this function. Many companies think about it as “a necessary evil”…something that is needed but it is not welcome. Some other companies equate Internal Audit as the “police”…the whistleblower of everything that happens…but these perceptions are way behind of its true essence and meaning.

Internal Audit has been in the world for a very long time. It has different types according to the scope but in general it can be said that verifies that what is being doing is what it should be. So its expertise is based in two main things: first, know and deploy the business risk management and second, know all the processes within the company. Hence its revisions or audits should be based on the knowledge of the business, its vulnerabilities and the result of other revisions which implies there is lack of control.

So its knowledge is integral. Therefore it is a consultant area; an area of service. For whom? To the Management Board, Committees, CEO, other Directors; to the company itself in order to protect it from business risks. To do such job, Internal Audit should be:

-Independent, objective and ethical: its personnel must have total independence in order to not be considered “judge and jury” at the same time. Also, be skeptical, impartial alike and behave ethically in every situation and circumstance.

-Have the support of senior management; meaning: shareholders, members of the Board of Directors, Committees, CEO. This includes that the head of IA be positioned at the same level of other heads and report directly to the Audit Committee and CEO. In addition to have enough budget to hire suitable staff, have technological tools and perform audits in any location the company has branches.

-Be updated on relevant issues that may affect the company such as: risk management, fraud prevention and money laundering, data protection, etc. Also, know any new regulation that the company should comply.

-Audit performance: the importance of an audit relies on the observations made but most important to get the cause that generates such. In this way, the risk management is useful in order to attack the cause, the root of the lack of control. Add to this the knowledge of the company and here it is the key: the audit has been made as a tailored suit with the creativity of the Internal Auditor. But here the show is just beginning! The follow-up to the audits is another key element. How the audited area is deploying the recommendations? Or better why have they not done anything?

Internal Audit independence also includes performing its revisions without telling anybody when they will be. Surprise…!!! For everybody adding changes in its scope, periods to review, etc.

So, we are not the “ugly ducks”…or the police. We are an area that detects lack of controls; issues observations and recommendations. We are an area that sees the company in an integrated vision: therefore our work starts with an audit, consolidates with a business risk model (which we will talk later) and adds value to the company by our knowledge and expertise in protecting and preventing towards new risks.

Internal Audit is the key!

By Mónica Ramírez Chimal, México

Partner of her own consultancy Firm, Asserto RSC.  www.TheAssertoRSC.com

Author of the book, “Don´t let them wash, Nor dry!” published in Spanish and English and internationally remark. She has written several articles about risks, data protection, virtual currencies, money laundering. Monica is international lecturer and instructor and has been Internal Audit Director for an international company.