Beruflich Dokumente
Kultur Dokumente
Access to this document was granted through an Emerald subscription provided by emerald-srm:551360 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please
visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
CSA in a financial
services organisation
Control self assessment (CSA), the management technique that aims to contain
risk and ensure that control systems work effectively, is a highly topical issue. Here
Vicky Kubitscheck draws on her experience in developing CSA programmes to offer
Downloaded by UNIVERSITAS TRISAKTI, User Trisakti At 04:21 09 December 2018 (PT)
HIS ARTICLE AIMS to provide for the future. For nearly 200 years, are in danger of maintaining the ‘it
T an outline to my approach to
CSA and the considerations and
developmental processes that
are necessary for determining
the right approach for an organisation. To
be successful, the CSA programme must
recognise the ‘soft issues’ of the organisa-
insurance and banking organisations
have operated relatively unchanged, dic-
tating their services to consumers. Proud
of their tradition, almost to a point of
arrogance, the financial services industry
will initially need more than mere rec-
ommended practice contained in the
would not happen to us’ syndrome.
Competition and globalisation a continuing sign of the complexities isations approach CSA in very different
From the number of mergers and involved in controlling the whole gambit ways, though the principles and
takeovers occurring in the financial of financial services and satisfying the objectives remain similar. It is therefore
services industry over the last ten years, consumer. Pensions mis-selling is one not surprising to see a convergence in
companies not wanting to lose out are such example of complexity which the detailed practices, with differences
Downloaded by UNIVERSITAS TRISAKTI, User Trisakti At 04:21 09 December 2018 (PT)
under pressure to lower distribution arose, some may say, through a remaining in the way CSA is introduced
costs and increase productivity. Being combination of political and economic and implemented in an organisation. I
more cost-efficient and customer- issues. Changes in the various statutory summarise below those factors that have
focused has been a preoccupation in a regulations relating to the banking influenced my approach to implement-
number of organisations in the drive to industry, building societies, insurance ing CSA.
attain financial strength and to gain companies and investment management
organic growth. The new breed of man- companies appear to contain elements of Executive sponsorship
agers who are ‘empowered’, who are the new corporate governance culture. ■ Is CSA being sponsored at the top?
more aware of corporate objectives and For example, the European Experience from many organisations
whose accountabilities are more trans- Commission’s Third Life and Non-life indicates that, without support from the
parent, is growing. Insurance Directive requires companies top, implementing CSA would be almost
to be managed ‘in accordance with the impossible or limited in application. The
Regulatory and statutory principles of sound and prudent man- need for genuine approval and
requirements agement’. The Department of Trade and sponsorship from the top is almost a
An overwhelming influence on control Industry reinforced these principles by prerequisite for introducing a full
self assessment (CSA) in the insurance specifying requirements for directors to CSA programme in an organisation.
industry has been the introduction and make certain disclosures in their annual ■ Will support from the top be visible?
extension of regulatory requirements. returns and by issuing a series on Senior management and the executives
Regulation relating to investment advice Prudential Guidance, for example, Note not only need to sponsor the programme
was introduced in the late 1980s, one of 1994/6, on controls over investments but also must be seen to support the
its contributing factors being the outcry and derivatives. This regulatory function effort to ensure that appropriate
from consumers for more accountability has now been taken over by HM resources and priorities are committed.
by product providers and financial Treasury. The Financial Services Wherever possible, senior management
advisors. The need to comply with the Authority (FSA) has recently been creat- should front the key stages of
1986 Financial Services Act prompted ed as a ‘super-regulator’ of most forms implementation to demonstrate owner-
the growth of a new business function of financial service, and the Labour ship and buy-in of the initiative. This
with specialist compliance officers and Government has announced its intention visibility is vital to ensure that CSA is
compliance auditors being trained with to ‘clean up the City’. owned by management, by the business
the aim of ‘protecting the investor’. and not the facilitators, especially if the
The transformation of statutory Design approach facilitators are Internal Audit. Involving
regulation in the financial services During my research and development of management at all levels is also
industry has remained under scrutiny as a CSA methodology, I found that organ- necessary to reinforce the educational
aspect of CSA, ie, sound management
practice.
■ Is there a business driver for CSA?
Wherever possible, senior Implementing CSA for a specific
business objective that has been
management should front the key identified by senior management is a
powerful lever in designing approach.
stages of implementation to The business drivers that motivated the
boards in the respective organisations in
demonstrate ownership and buy-in which I have implemented CSA included
■ Regular contact with the co-ordinators is maintained to ensure deadlines are met.
Guidance for adopting and ■ A ‘Manager’s Guide’ is written by Internal Audit and issued to each co-ordinator. The details
maintaining the programme must be of the guide and underlying working principles are reinforced in the presentations or at
clear workshops.
The programme must be simple ■ The concept is introduced as simply as possible, using best management practice as the key
to understand, implement and approach. Fundamental questions include ‘What are my key responsibilities?’, ‘What are my
maintain objectives?’, ‘What risks am I facing in my area?’, ‘What procedures have I implemented to
mitigate these risks?’ and ‘How am I ensuring that I carry out my responsibilities satisfactorily?’
■ Simple proformas are used.
The programme must be an ■ Local practices are identified and, wherever possible, the process is integrated with local
integral part of management management practice, for example, reference to existing procedure manuals, quality control
practice checks, and discussion of controls to be included as a regular item at management team
meetings.
■ Existing communication channels, such as a network system or LANs, are used to maintain
documentation and facilitate monitoring of progress by the managers as well as Internal Audit.
Ongoing support and advice must ■ Internal Audit, as facilitators, maintain regular contact with the co-ordinators, on a formal and
be available informal basis. This ensures that progress is sustained and reporting deadlines are achieved.
■ Support from Internal Audit must be constant, consistent and available according to the
individual needs of the co-ordinators.
■ Board’s expectation and call for annual reports from each business area helps to reinforce the
continual implementation of the CSA.
Table 1
Implementing CSA managers. Their appointment by top fair proportion, at least 20–30%, of
Of the considerations outlined above, I management should be visible. Ideally, their time on the programme. It is
feel that priority should be given to these individuals know and are known expected that this proportion will
addressing issues relating to ownership, within that business entity, and have the decrease to no more than 10% as
commitment from the business, and ‘right attitude’ towards ‘doing things managers embed the programme in their
resources. right first time’. ‘tool box’. In this respect, it is important
Buy-in from these co-ordinators to consider the tools that managers are
CSA co-ordinators – a key feature from the outset is vital. This can be already using when designing one’s
The key feature of the CSA programmes achieved by Internal Audit, as facilita- approach to CSA to ensure that it can be
I have implemented, and generally con- tors, providing initial training or integrated with existing management
tinue to advocate, lies in the appoint- introductory sessions at the formal techniques. The key stages for starting
ment of divisional or business risk appointment of the co-ordinators. A the programme are illustrated in
co-ordinators. They play a key role in close working relationship between Figure 1 (see previous page).
rolling out the programme in their Internal Audit and the co-ordinators is
respective areas and obtaining real necessary to help ensure the smooth and Operating principles and design
management buy-in and ownership. By sustained operation of the programme. features
acting as focal points, they help provide During the initial implementation The operating principles and key design
a more efficient channel of communica- stages of the CSA programme, the features of my CSA programme, which
tion and co-ordination with individual co-ordinators are expected to spend a take into account an assessment of the
Ongoing maintenance Internal Audit can actively monitor and Other Practical Applications, edited by
It is the role of the co-ordinators to integrate CSA in their own process by Keith Wade and Andy Wynne, and
review and update the ‘Risk & Control feeding back findings arising from audits published by John Wiley & Sons, Ltd
Maps’ on an ongoing basis. The need for to the respective co-ordinators for input (see book review on page 42).
formal reporting to senior management into the Risk & Control Maps. Through
and the board helps ensure that the this process, CSA in the organisation Vicky Kubitscheck is group chief internal
process is carried out, hence the need for will be truly ‘holistic’ and integrated auditor at AEGON UK. She has over 13
years’ experience in the auditing
the commitment and support from the into the business environment. (See
profession in the financial services
top at outset. Figure 3). ■ industry, and is the chairperson of the
The continual input and monitoring Insurance Internal Audit Group (IIAG) in the
from Internal Audit will reinforce the This article is taken from Control Self UK. Previously she was head of Internal
principles of the CSA programme. Assessment For Risk Management and Audit at AXA Equity & Law.