Open questions

For details of Infoline events, visit www.infoline.org.uk

Should internal audit and compliance monitoring be combined? “It's a discussion we've had over the last couple of years as part of looking at the common platform [Capital Requirements Directive and Markets in Financial Instruments Directive] systems and controls [requirements],” John Vanstone, Head of Regulatory Monitoring, AXA Life answered during a panel session at Infoline's recent More Principles-Based Regulation (MBPR) conference. Vanstone's institution has decided to keep the two separate; it is an approach that he's “comfortable” with, especially as he spends a lot of time working with internal audit: ”I refer to them as my cousins and they second people into my team and vice versa.” Cindy Chan, partner in financial services at Deloitte, said there was no right or wrong answer, “it depends on risk appetite and how you want to structure going forward”. She noted that some firms have merged the functions as a way to ensure the independence of the monitoring team since internal audit is already seen as clearly separate from the business.