Group Internal Audit (GIA) performs the internal auditing function for the Group, and in 2018 operated with an approved average headcount of 450 full-time equivalent employees. It is an independent and objective function that supports the Group in achieving its strategic, operational, financial and compliance objectives, and the BoD in discharging its governance responsibilities.
GIA independently, objectively and systematically assesses:
- the effectiveness of processes to define strategy and risk appetite as well as the overall adherence to the approved strategy;
- the effectiveness of governance processes;
- the effectiveness of risk management, including whether risks are appropriately identified and managed;
- the effectiveness of internal controls, specifically whether they are commensurate with the risks taken;
- the soundness of the risk and control culture;
- the effectiveness and sustainability of remediation activities, originating from any source;
- the reliability and integrity of financial and operational information (i.e., whether activities are properly, accurately and completely recorded, and the quality of underlying data and models); and
- the effectiveness of processes to comply with legal, regulatory and statutory requirements (such as the provisions of the Articles of Association), as well as with internal policies (including the Organization Regulations) and contracts, i.e., assessing whether such requirements are met, and the adequacy of processes to sustainably meet them.
Audit reports that include significant issues are provided to the Group CEO, relevant GEB members and other responsible management. The Chairman, Audit Committee and Risk Committee of the BoD are also regularly informed of such issues.
In addition, GIA assures whether issues with moderate to significant effect have been successfully remediated. This responsibility applies to issues identified by all sources: business management (first line of defense), control functions (second line of defense), GIA (third line of defense), external auditors and regulators. GIA also cooperates closely with risk control functions and internal and external legal advisors on investigations into major control issues.
To maximize GIA’s independence from management, the Head GIA reports to the Chairman of the BoD and to the Audit Committee, which assesses annually whether GIA has sufficient resources to perform its function, as well as its independence and performance. In the Audit Committee’s assessment, GIA is sufficiently resourced to fulfill its mandate and complete its auditing objectives. GIA’s role, position, responsibilities and accountability are set out in our Organization Regulations and the Charter for Group Internal Audit, published at www.ubs.com/governance. The latter also applies to UBS AG’s internal audit function. GIA has unrestricted access to all accounts, books, records, systems, premises and personnel, and must be provided with all information and data that it needs to fulfill its auditing duties. The Audit Committee may order special audits to be conducted, and other BoD members, committees or the Group CEO may request such audits in consultation with the Audit Committee. GIA enhances the efficiency of its work through coordination and close cooperation with the external auditors.