1

Internal Audit of the

Estonian Financial Supervisory Authority (EFSA)

Raivo Linnas

Internal Auditor

Tallinn, Estonia – June 29, 2004

2

Curriculum Vitae - I

From 01/2002 – Internal Auditor of the EFSA.

10/1998 – 01/2002 – Head of Performance Audit Department, Deputy Auditor General, The State Audit Office.

3

Curriculum Vitae - II

08/1994 – 07/1998 – Chairman, Director 08/1994 – 07/1998 – Chairman, Director General, and Member of Management General, and Member of Management Board in 2 Insurance Companies;Board in 2 Insurance Companies;

09/1993 – 05/1994 – Vice Chairman, 09/1993 – 05/1994 – Vice Chairman, Member of Board of the Eesti Member of Board of the Eesti Sotsiaalpank.Sotsiaalpank.

4

Curriculum Vitae - III

From 04/2004 – Affiliate Member of the IIA of UK and Ireland.

From 1985 - Dipl. Eng.Former Lecturer of the Estonian

Business School.

5

About the EFSA - I

Established on 01.01.2002;An agency created by the Riigikogu; With autonomous competence and a

separate budget and management; Independent in the conduct of financial

supervision; United Financial Supervision Authority;The Financial Supervision Authority Act.

6

About the EFSA - II

About 65 Employees;The Council (6 members, including

Ministry of Finance, GBoE)The Management Board (5 members);8 Departments, IA, IS, PR.About 70 Entities to be Supervised, incl

Issuers.Budget of 2004 – circa 2.7 million EUR.

7

Place of Internal Audit Unit in the EFSA Directly accountable to the

Management Board. No statutory links with Supervisory

Council. No Audit Committee.

8

Legal Framework

FSA § 18.3.9;IA Reglement (Charter);Job Description of IA;Code of Ethics of IA;Contract of Employment of IA.

Fixed-term Contract for 2+2 years.

9

Mission

To help Management Board

achieve goals and objectives in best way with most reasonable consumption of

resources.

10

Goals and ObjectivesTo add value and develop the EFSA’s:

Management and Organizational Culture; and

Control Environment.To evaluate and improve the

effectiveness of risk management, control and governance processes.

11

Tasks and Responsibilities of IA

Internal Audit Function;Handling of Conflict of Interests Issues; Risk Management Function

(secondary);Promote Quality Management;Promote Appropriate Ethics and Values

within the EFSA.

12

Rights of IA - I

To be Independent in Planning, Scoping and Performing Audits and Investigations;

Immidiate Direct Access to CMB and MB in Corpore;

Access to all Files, Accounts, Processes, Property and Data.

13

Rights of IA - II

Interview all Staff, incl Members of Management Board (MMB);

Interview all Contractors and Representatives of Entities Under Supervision;

Take Part in meetings of MB and other relevant meetings;

14

Rights of IA - III

Reject all tasks in case of risk of incompetence, conflict of interests or unobjectivity;

Contract Independent External Expert(s);Involve Personnel of EFSA in Audits and

Investigations;Continuing development of knowledge,

skills, and other competencies.

15

Scope

All Fields of Activity of the EFSA;All functions and projects;All systems and processes;Entire Staff, incl MMB;All Structural Units.

16

Approach

Risk Based.Implementing The IIA Internal Audit

Standards as well as possible.

No full compliance with the IIA IAS as of today.

17

Planning

1. Strategic Plan (3-5 years);

2. Quarterly Plan; (Time-Resource Based)

3. Plan of Particular Audit.

SP and QP to be Confirmed by MB.

PPA to be Consulted with Chairman.

18

Reporting

The Case Report of Audit Results to the CMB and/or MB.

Quarterly Report to the MB.Annual Report of Activity to the MB.Annual Report of Self-Assessment to

the CMB.

19

Content of QR - I

I Report of Most Important Activities (Execution vs Plans).

II Observations of Most Important Risks.III Report of All Activities by Areas of

Responsibility. (Execution vs Plans).

20

II Observations of Most Important Risks - IRisks of Communication and

Disclosure;Financial Risks;Risks of Planning and Budgeting; Risks of Unachivement of Goals and

Objectives;Risks of Image;

21

II Observations of Most Important Risks - II

Risks of Supervision;Risks of Handling Confidential Information;Observations on Risk Management;Observations on Control Environment;Observations on Corporate Governance;Observations on Conflict of Interests Issues;Observations on Fraud and Misusement;Varie.

22

Assessment

Self-Assessment of Each Particular Audit.

Annual Self-Assessment. Annual Internal Assessment.Annual Appraisal. External Assessment (At once in 3

years).

23

Audit Process

5 Stages and 12 StepsPlanning (4 Steps);Conducting (1 Step);Drafting Results (3 Steps);Disclosure (1 Step);Assessment (2 Steps);Follow-up (1 Step).

24

Risks of Particular ModelRisk of Discontinuity;Risk of Incompetence;Risk of Independence;Risk of Divisibility;Risk of Shortage of Ideas.No Time for Deeper and Longer

Engagements.

25

Strengths

Clear Responsibility.Efficiency of Ressource Consumption.No Opposition with MB.

26

Audit failing

Standardized and Formalized;Traditional;Digital.

27

Thank you very much for your Thank you very much for your attentionattention!!