Internal control and audit
VTB Group’s internal control and audit functions operate in compliance with international best practices and applicable legislation in the countries where the Group operates. The system is guaranteed the necessary independence by the way its parts function together and by its reporting structure.
The VTB Group Management Committee established an Internal Audit Coordination Committee, as well as a Coordination Committee for Compliance and Internal Control aimed at preventing money laundering and the financing of terrorism.
The main objectives of VTB Group’s internal control functions include
- To independently assess the effectiveness of the internal control and risk management systems, accounting reports, business processes and the activities of departments and individual employees, and also to assess the economic expediency and effectiveness of operations and transactions;
- To verify the reliability of internal control over automated information systems, and also to verify the methods used to secure property;
- To monitor key risk areas and risk control mechanisms, with a view to identifying shortcomings in the internal control system and emerging risks, and to create mechanisms to prevent these risks;
- To develop recommendations to improve the efficiency of systems, processes, procedures, transactions and activities by the Group’s structural units and employees;
- To communicate with external regulatory bodies and external auditors.
Monitoring of the internal control system is carried out on an ongoing basis by management and employees of the Bank’s structural units, as well as by the Internal Audit Department.
Audit Committee. The Audit Committee operates as part of the structure of the Supervisory Council in order to facilitate the effective performance of the functions of the Supervisory Council in the area of control over the Bank’s financial and economic activities. More detailed information on the composition and activity of the Audit Committee can be found in the section Corporate Governance / Supervisory Council / Supervisory Council Committees.
Internal Audit Department. The Internal Audit Department provides direct support to the Bank’s governing bodies to ensure that VTB Group works efficiently and effectively. The Internal Audit Department monitors internal control systems, conducts audits and provides impartial recommendations for improving banking operations and control procedures.
The Internal Audit Department is an independent structural unit of VTB Bank and operates under the direct supervision of the Supervisory Council. The Supervisory Council approves the Internal Audit Department’s work plans and monitors their implementation, reviews the Internal Audit Department’s reports on the results of audits and on monitoring of the internal control system, as well as reports on the implementation of the Internal Audit Department’s recommendations to address previously identified issues.
Taking into account the strategic goals of VTB Bank and VTB Group regarding the transformation and digitalisation of business processes, the fit-for-purpose functional model for internal audit was changed in 2019, and the Internal Audit Department was reorganised. The main objectives of the reorganisation are:
- To develop remote, digital audit methods to considerably expand the number of transactions, deals and procedures that are audited;
- To strengthen the focus of auditing on the performance and competitiveness of business processes, the transition from the discrete auditing of facilities to the continuous auditing of processes;
- To ensure a close link between auditing and the Bank’s technological transformation, including in the banking sphere;
- To develop new audit formats: remote and thematic in terms of individual processes;
- To ensure that the internal audit methodology and personnel are up to the task in terms of new technological and organisational challenges.
The Internal Audit Department’s organisational structure comprises a number of units responsible for auditing the lending process, non-credit business processes, regional divisions, digital auditing of processes and information technologies, as well as auditing within the Group. To improve the effectiveness of the monitoring of the internal control system in the Bank’s regional branches, the structure of the Internal Audit Department includes dedicated internal control teams at the branch level.
In 2019, the Internal Audit Department conducted 36 scheduled audits and control measures, including 17 audits of various activities within the parent company and 19 audits of operations in the Bank branches. In addition, as part of its ongoing monitoring, Internal Audit Department staff members conducted 869 thematic audits at the branch level.
In addition to conducting audits and monitoring the Bank’s internal control system, the Internal Audit Department’s priority is operational oversight as well as the coordination and maintenance of the same level of practice and competencies in terms of internal audit within subsidiaries. In 2019, the Department carried out 20 control measures related to the Group’s subsidiary companies and banks. The Internal Audit Department also regularly analyses reports on the work of Group companies’ internal audit services. To enhance the level of professionalism and improve the exchange of experiences, on-the-job training is provided for staff from the internal audit services within Group companies, including the involvement of VTB Group functional coordinators.
The Internal Audit Department liaises with the Audit Committee and independent auditors, providing information on the internal control system and reporting any shortcomings during the audit period.
In 2019, PwC conducted an external independent assessment of the internal audit function in terms of its compliance with international professional standards in the context of oversight recommendations and the requirements of the Bank of Russia and the Federal Agency for State Property Management. The assessment concluded that VTB’s internal audit function is fully compliant with international standards and with the Internal audit code of ethics. The high level of maturity of the Internal Audit Department was noted in terms of its objectivity, professionalism and use of advanced approaches and technologies.