The Group Internal Audit organizational unit (o.u.), reporting to the Board of Directors, supports the control bodies in assessing the adequacy and the effectiveness of the functioning of the internal control and risk management system.
According to the International Standards for the Professional Practice of Internal Auditing (specifically Standard nr. 1300), at the end of 2016 Leonardo’s Chief Audit Executive undertook a quality assurance and improvement program of the internal audit activity. The program includes, according to International Standards of the Institute of Internal Auditors (IIA), both internal, on an ongoing basis, and external assessment conducted at least once every 5 years by a qualified, third party independent assessor.
The Chief Audit Executive communicates annually the results of both internal and external assessments to the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors.
Internal and external assessment
The internal assessments consist in on-going monitoring and supervision of the internal audit activity and periodic self-assessment conducted according to the annual Quality Review Plan approved by the Board of Directors. With the main objective of pursuing and maintaining a continuous improvement of Internal Audit activities, Group Internal Audit presents the Quality Assurance and Improvement Program (“QAIP”) – established by the IIA Standard 1300 – to the Control and Risk Committee, on a yearly basis. The QAIP includes several activities relating to:
- Quality Assurance Review of Internal Audit Engagements;
- Support Activities like Quality Assurance documentation, Periodical Group Internal Audit self-assessment, QAIP reporting program and plan etc.;
- Methodology development like KPI, Knowledge sharing days, tool implementation etc.;
and the consistency with the following rules/requirements are used to assess the Internal Audit activities:
- IIA’s International Standards for the Professional Practice of Internal Auditing (Standards);
- Audit Charter;
- Group Internal Audit Operational Guidelines and other internal references.
The external assessments, in accordance with International Standards, include an opinion on all internal audit activities performed and conclusions about the conformance with the Definition of Internal Auditing, the IIA’s Code of Ethics, the Standards; external assessment may also include recommendations in the perspective of continuous improvement. In 2017 the Group Internal Audit o.u., in response to the external assessment, obtained the Quality Assurance Review certification, with the opinion of “General Conformity” (maximum degree of assessment, according to International Standards).
Audit Plan and procedural framework
- Group Internal Audit internal managers ensure a proper supervision of the engagements, in particular in the most significant stages of the interventions (planning, execution and reporting). Through the supervision, it is also ensured that audit objectives (Work Program) are achieved and that Group Internal Audit Operational Guidelines are respected.
- The internal procedural framework, the methodology and the investigation procedures (including Whistleblowing investigation procedures) are subject to regular updates that may be necessary as a result of specific requests of management or Supervisory Bodies, Chief Audit Executive’s guidance, organizational and business changes and/or any developments in the regulation of internal audit professional practices, and in any case at least every three years or in response to changes in the regulatory environment.
Internal auditors and all the related staff conducting investigations on anti-corruption receive dedicated and specific training courses through classroom session, on-line training, training on the job as well as participation in conferences, seminars and external professional courses.
With regard to training activities of Internal Auditors, the Project Management Office (“PMO”) performs assurance activities in accordance with the IIA’s Standard. In particular, the compliance with the Standard 1230 “Continuing Professional Development” is supervised through PMO’s Internal Auditors:
- professional development and training plans;
- membership and participation in professional organizations;
- on the job training and in house training.
Internal Audit policies, training schedule, self-assessment and surveys contribute to the planning of continuing professional development.