Next gen now – award-winning internal audit at BNY Mellon

How do you create a team capable of providing the next generation of internal audit? This was the question that the Investment Management Internal Audit team at BNY Mellon asked. Its success at identifying and implementing a range of innovations won it the Audit & Risk Award for Outstanding Team – Financial Services in 2023.

“We had two key focuses,” explains Imtiaz Hussain, Managing Director and Deputy Chief Auditor. The first was innovation – what would next generation internal audit look like and how should we get there? Second, what talent mix and ecosystem would we need to support this? Where would we get the knowledge and expertise, and how could we recruit and develop future internal audit leaders?”

The innovation part of the programme involved developing and sharing thought leadership with internal and external contacts, improving stakeholder communication and developing “playbooks” for important and emerging risk audits. They also established annual workshops for independent non-executive directors (INEDs) to gain feedback from them, and to educate them about the work the team was doing. The talent pipeline was addressed with a range of initiatives including participating in internship programmes and inviting subject matter experts from elsewhere to support specialist topics.

Innovation

“Our work with non-executives was particularly important because BNY Mellon has a number of specialist investment firms, each with its own board of directors, so our INED workshops pull people together from each of these. They are extremely valuable for us and well received by them,” explains Shahzad Nasar, Audit Director, Investment Management.

Environmental, social and governance (ESG) and diversity, equality and inclusion (DEI) were two important areas that the team wanted to understand better and where they thought they could develop their audit expertise. They therefore developed an ESG risk-and-control matrix and a DEI playbook to inform and educate the team.

Communication was another vital ingredient. The team embarked on a series of initiatives to communicate their work and their value better within the organisation and with the regulators.

“We want to build transparency with our stakeholders about what we see as important and what we are doing about it,” Nasar says.

Most audits in BNY Mellon Investment Management now involve data analytics (DA). They will also increasingly be harnessing artificial intelligence (AI), so the internal auditors are developing the necessary skills.

Multipurpose playbooks

The playbooks serve multiple purposes – they are a tool for internal audits, but also demonstrate the way that internal audit thinks about emerging or difficult topics to key stakeholders. Each one has a broad theme such as ESG or DEI, broken into specific areas such as risk, regulations, management influence, governance and culture.

“They highlight the applicable regulations, what internal audit’s role is and the outcome we want to gain, but also show how we can add value to stakeholders and improve the overall internal audit journey,” Hussain explains. “They focus on emerging and new topics, such as the UK Consumer Duty, where we feel it’s important to articulate the internal audit approach, what we can add and what our stakeholders should expect from us.”

These playbooks also help to frame discussions about difficult topics, such as how the investment management firms gain and measure diversity of thought at management and board level.

“We create the playbooks to provide guidance and a roadmap, but we then need to deliver. They must result in tangible audit products,” Hussain adds. “We have brought in people from other industries to help us. For example, much of the leadership on our ESG initiatives came from someone we hired from India who had a background in climate and ESG, not in financial services.”

Practicality and value are therefore as important as innovation. The ESG risk-and-control matrix, for example, was designed to be used by the wider audit function, to promote internal audit’s reputation and share its thinking and expertise.

Emerging risk

Communication is two-way. The team has focused on building collaboration with external groups and resources to enhance its awareness and understanding of emerging risks. They maintain close links with the Big Four consultancies and encourage people to join external groups.

“I am a member of directors’ climate forum Chapter Zero and other non-profit ESG organisations,” says Hussain. “Such links give us channels to share our thoughts and to learn from others. Nothing is constant – it changes all the time.”

“We developed a playbook covering key elements of the Sustainable Finance Disclosures Regulation (SFDR) and delivered an audit on it, and we are currently developing a climate reporting playbook” adds Nasar.

The team is now focusing its attention on new regulations including the EU Corporate Sustainability Reporting Directive (CSRD) and the UK Sustainability Disclosure Requirements (SDR).

Financial crime is another rapidly developing issue. “Geopolitical risks are shifting, so we need to ensure our firms keep up with anti-money-laundering regulations and sanctions legislation,” Hussain adds.

Talent management

The focus on communication and diversity also supports the team’s talent management ambitions. Team members learn from experts brought in to inform projects, and are encouraged to attend and present at internal meetings as well as at industry and sector events.

“Empowering our people is very important,” Nasar says. “If someone has gained considerable experience in a relevant area, we will ask them to talk at meetings with senior management or at different forums regardless of their seniority. It’s great for morale.” The entire Investment Management Internal Audit team attends the INED workshops, so they understand how internal audit discusses issues with non-executive directors.

The Investment Management Internal Audit team works closely with other audit teams within BNY Mellon, such as the Global Financial Crime & Compliance, Information Technology, and Asset Safety Audit Teams. Multiple teams can use their playbooks and they participate in an “Integrated Audit” solution that enables them to share expertise and staff from different parts of the audit organisation or areas of the world.

“We can bring in a financial crime, or anti-money-laundering or tech expert to create the best internal audit team for a particular audit on an audit-by-audit basis,” Hussain says. “We are currently bringing someone from the US to London to gain experience working on climate disclosure.”

AI and DA

“We will be utilising more AI and machine learning capabilities to improve our infrastructure and processes this year,” Hussain says. “We’re always looking to improve our methodology and we need to factor in changes, such as the new Global Internal Audit Standards and regulations. The internal audit function has created a digital audit playbook looking at the audits of the future”.

The awards

When it decided to enter the awards, the team allowed a month to review the nomination drafts and gain endorsements. “We saw it as an articulation of everything we had achieved and were proud to be recognised in the shortlist and to attend the awards event,” Hussain says. “We got lots of kudos from winning – it was posted up on LinkedIn and my boss congratulated everybody. We celebrated with the whole team and they were excited and energised by it.”

Their achievement was recognised across the organisation when photos from the event were publicised on the internal staff TV channel. “We gained awareness among groups who were previously unaware that there were any awards we could win,” Hussain says. “It opened up discussions on thought-leadership and we were congratulated by external contacts and stakeholders.”

Furthermore, it has supported recruitment. When the team advertised a vacancy, the applicants were aware of the recognition received by the Investment Management Internal Audit team, which made it more attractive for them to join. “Applicants already had a positive idea about who we are and how we do things and that attracted talent,” Hussain explains.

The journey does not stop here and Nasar is keen to point out that they are not complacent, but the changes implemented so far have made them fit for the present and well prepared for the future – whatever it brings. 

This article was published in 2024.