Financial Services Internal Audit Planning Priorities 2021

Below we highlight new areas relevant to Internal Audit but also those areas we believe will have greater focus in 2021. We hope this informs your 2021 planning and assurance approach.

3.1. Sustainable Finance and ESG

Sustainable finance aims at integrating Environmental, Social or Governance (ESG) criteria into financial services, and at supporting sustainable economic growth. Pandemic-induced financial decisions made over the next year will shape the global economy for the next decade, just when we must drastically reduce emissions if we want to avoid orders of magnitude worse than COVID-19. As the potential impact of climate change on the financial sector rapidly grows, more and more firms globally are incorporating climate related risk into their risk universe and building sustainable finance frameworks.

Risk managers cannot ignore the seriousness of identifying, mitigating, and reporting on material climate risk exposure and as with any emerging risk to which the business is exposed, Internal Audit must assess the strength and resilience of the related control environment. Through independent assessment of the strategy, risk management, governance and internal control processes in place to manage the issue, the third line function must challenge firms’ approach in shaping viability and long-term sustainability for the future.

  • In May 2020, the Network for Greening the Financial System (NGFS) released a guide for Supervisors, setting out five recommendations for courses of action of members of the NGFS as well as the broader community of banking and insurance supervisors to integrate climate-related and environmental risks into their work.
  • In July 2020, the Climate Disclosure Standards Board (CDSB) produced application guidance to assist companies in the disclosure of material climate-related information in the mainstream report.
  • Principles for Responsible Banking Signatories and United Nations Environment Programme Finance Initiative (UNEP FI) Member Banks have developed a Portfolio Impact Analysis Tool for Banks and a Guidance Document, to support signatories in conducting an in-depth impact analysis as a starting point for effective implementation of the Principles for Responsible Banking.

Strategy and governance

  • Internal Audit should assess the level of and nature of data inputs, the frequency and degree of formalisation of the sustainable finance strategy, involvement of internal and external parties and whether quantifiable KPIs have been defined and incorporated.
  • Determine whether governance boards are diverse in knowledge, skills, experience and background to effectively take decisions informed by an awareness and understanding of ESG issues and sustainable finance.


  • Determine whether the organisation’s risk appetite incorporates sustainable finance and is embedded throughout organisation’s processes, i.e. departmental KPIs and related reporting.
  • Assess the organisation’s performance against defined strategic KPIs and where necessary, challenge whether internal review of related metrics and KPIs has been conducted.
  • Review whether all climate related risks have been identified through enterprise-wide risk assessment and supporting mitigating controls are in place for those identified as material.
  • Assess whether risk management MI is adequate in supporting the Board in making decisions regarding climate related risks.

Regulatory compliance and reporting

  • Ensure 2nd line of defence periodically assess the evolving regulatory risk environment through appropriately designed mechanisms such as Compliance Monitoring Programmes and appropriate actions implemented in a timely manner.
  • Assess how the organisation has addressed new regulatory recommendations for climate related disclosures and ESG related reporting, as well as voluntary disclosure initiatives.
  • Challenge the accuracy of climate related reporting, identifying potential areas which could be perceived as ‘Greenwashing’ by the regulator.

Operations and green products

  • Assess whether the business has a clear understanding of responsibilities in relation to implementing the sustainable finance strategy in day-to-day operations.
  • Challenge how key monitoring metrics are being integrated into day to-day business management and operations.
  • Challenge engagement with green products, assessing whether operational activities are aligned with the organisation’s sustainable finance strategy.

3.2. IFRS 9

IFRS 9 requires that lenders recognise a loss allowance for credit exposures to accurately reflect Expected Credit Losses (ECL) on a forward looking basis. Quantifying ECLs is extremely challenging in the current COVID-19 pandemic; the economic and credit outcome is currently highly uncertain and the market has not previously seen such sudden changes in economic activity alongside unprecedented state intervention and behavioural changes. ​

Loan loss reserving practices and disclosure are coming under significant scrutiny in the market and have already been the subject of multiple regulatory interventions and an elevated level of press comment. Further, ECL and a forward-looking view of credit loss is a fundamental part of loan pricing; there is an immediate need to have accurate ECLs to ensure loans are still adequately priced for risk.

  • Firms’ ECL models may have stopped working effectively, due to market behaviour well outside their design tolerances.​
  • Expert judgement in / post model adjustments have become critical; there has been no time to collect data or rebuild models.
  • Control mechanisms for ECL levels and reporting will need to change to reflect the focus on different information sources and estimation techniques, e.g. governance and controls around post-model adjustments may need strengthening.​
  • Established approaches to IFRS 9 Staging and identifying problem loans may not cope with recent regulatory guidance and operational practices, for example, the high volumes of treatments being granted.​
  • Choice of scenarios, their probability of occurrence and likely loss severity will be a significant driver of Staging and ECL outcome. The high level of uncertainty means narrative and sensitivity analysis will need to evolve in order to demonstrate these material assumptions are supportable.

Area of Focus

Problem loan identification​


  • Review the appropriateness of adjustments made to IFRS 9 Significant Increase in Credit Risk (SICR) and Staging thresholds/ criteria to accommodate payment holidays offered to customers.

ECL models​

  • Assess the appropriateness of use (or non-use, via judgmental overrides) of ECL suite models, including econometric models as well as Probability of Default (PD)/Exposure at Default (EAD)/Loss Given Default (LGD) models, in the context of the economic, fiscal, supervisory, legislative and social changes driven by COVID-19.​

Forward-looking scenarios and weightings

  • Assess the supportability of forward looking economic scenario forecasts in the context of the uncertain outcome, including uncertainties regarding the characteristics of the virus and the timing of availability of therapies/vaccines.​


  • Ensure governance, controls and internal reporting are effective in the new environment, with an emphasis on overlay/post model adjustment governance processes.​

3.3 IFRS 17

Internal Audit functions in the EU are at different stages with regard to IFRS 17 assurance planning and are currently reassessing and adjusting their holistic assurance timelines. IFRS 17 has a number of areas of complexity and challenge and prioritising these can be difficult. Below we consider some of the key methodology decisions, highlighting common high risk areas and Internal Audit's approach for providing assurance that informs governance around methodology.

Internal Audit functions are reconsidering their assurance timelines for two reasons – COVID-19 has changed Internal Audit’s and organizations wider plans for 2020, and, during March, it was announced that the effective date of IFRS 17 will be deferred to 1 January 2023, prompting project teams to consider refreshing their own timelines. With many programmes on the cusp of transition from design stage into execution, assurance over the IFRS 17 applicability assessment performed across the product portfolio is an important early milestone in ensuring the implementation programme covers all insurance contracts as defined within the standard.

Certain key decisions, the working assumptions, are made early and drive downstream effects of the implementation programme. For example, adopting the General Measurement Model (GM) will require many organisations to modify existing systems and databases to capture additional contract or portfolio level data; whereas the Premium Allocation Approach (PAA) may not require such a significant change to the organisation’s existing infrastructure (but may introduce different risks). The cost associated with identifying and correcting inappropriate accounting policy or methodology choices during the implementation programme can be substantial and may put key deadlines at risk.

While IFRS 17 introduces numerous accounting policy choices, the following methodology related decisions are some of the most pivotal in driving implementation. These should be the focus for independent assurance and challenge, ensuring appropriate controls and governance around the approach, data, judgements and assumptions behind each. These areas typically form some of the initial working assumptions agreed by project teams but are equally important further into implementation.

  • Understand what the business has already done: Make sure the business has identified the decision makers at group and, where applicable, subsidiary levels for determining accounting policy choices and governance processes for change mechanisms are in place, noting that these may currently be untested. In particular, IFRS 17 working assumptions should have been approved and Internal Audit should explore how the integrity of this process was maintained.
  • Gather information: To help evaluate the consistency of decision making between countries, business units or classes of business and understand whether reasons for differences are appropriate, auditors will need access to relevant information on an ongoing basis. Information may be in the form of simple or complex data, or more strategic in nature such as future acquisitions which may bring in new lines of business.
  • Assess Internal Audit capability: Assess whether Internal Audit has the right skills in the team to appropriately challenge the business and be confident whether appropriate information has been considered.