About us

Internal Audit

Banco de España Internal Audit Charter

The Banco de España Internal Audit Charter sets out the purpose, responsibilities and remit of the Banco de España Internal Audit Department, as well as its place in the latter's corporate governance.

  1. Remit/Scope and Objectives

    The Internal Audit Department provides independent and objective assurance and consulting services with the ultimate goal of adding value to the Bank's activity. It assists the institution in accomplishing its objectives by providing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

    The scope of the Internal Audit Department's remit encompasses all the functions of Banco de España, and the activities associated with them.

    The internal audit function provides a third level of control within the Bank's risk management and control framework. The first level of control consists of defining and deploying internal controls for operating processes. The second level of control includes surveillance, risk monitoring, compliance, oversight and/or verification functions.

    The Internal Audit Department carries out audits on the systems, projects and activities of the Eurosystem/ESCB, under the coordination of the Internal Auditors Committee (IAC) of the ESCB and in accordance with the Eurosystem/ESCB Audit CharterOpens in a new window.

  2. Organisation

    The Internal Audit Department reports directly to the Governor and is supervised by the Audit Committee.

    It is provided with appropriate technical and human resources to perform its duties.


  3. Duties

    The main duties of the Internal Audit Department are:

    • Evaluating risk control and management procedures and methodologies relating to meeting the objectives of Banco de España.
    • Evaluating the reliability and integrity of information, and the means used to identify, measure, classify and report it.
    • Evaluating the systems in place to ensure compliance with policies, plans, procedures, legislation and regulations which may impact the organisation.
    • Evaluating the means of safeguarding assets and verifying their existence.
    • Evaluating the effectiveness of the organisation's risk management processes.
    To this end, the Internal Audit Department must:
    • Plan audits using a risk-based methodology, incorporating any other audits deemed necessary to comply with legal obligations and regulations. The plan may be reviewed and modified depending on circumstances.
    • Undertake planned audits and any other audit or measure that may be ordered by the Governor.
    • Monitor and assess the status of recommendations made during the audits.
    • Notify the required management levels of planning, plan deployment, the results of audits and the follow-up of recommendations as set out in the Internal Audit Manual.
    • Provide consulting services as set out in the internal regulations or when asked to do so by the competent bodies.
    Furthermore, the Internal Audit Department must:
    • Develop and maintain a quality assurance and improvement programme covering all aspects of the internal audit activity.
    • Draft and update the Internal Audit Manual, including the basic principles and regulations governing the Internal Audit Department, and the standards of practice and procedures governing its activities.
  4. Independence and objectivity

    To ensure the necessary independence and objectivity, the activities of the Internal Audit Department must be free from any interference when deciding on the audit objects, scope, procedures, frequency and schedules of audits as well as the contents of the subsequent reports.

    Neither the heads of the Internal Audit Department nor the internal auditors themselves shall have authority over, or direct responsibility for, the audited activities. While performing their duties internal auditors shall avoid conflicts of interest, remain professionally impartial and not allow their decisions to be influenced by third parties or their own interests.

    Auditors shall notify their direct superiors of any circumstances that could compromise their independence and impartiality, and suitable measures will be taken.

  5. Professionalism

    The Internal Audit Department must perform its duties in line with the guidelines provided by the Institute of Internal Auditors, including its Definition of Internal Auditing, International Standards for the Professional Practice of Internal Auditing and Code of Ethics.

    Also, the department must perform its duties with professionalism and due diligence. To this end, the members of the Internal Audit Department must have the knowledge, expertise and skills needed in order to perform their duties.

  6. Access to information and confidentiality

    The Internal Audit Department has access to all the persons, files, data, systems, locations and assets deemed necessary to perform its duties. Information requested by the Internal Audit Department should be provided within a reasonable period of time. The information provided must be reliable and complete. The Director of the Internal Audit Department will notify the Governor of any attempt to obstruct the department's activities.

    The Internal Audit Department must respect the value and ownership of the information it receives, ensure its integrity and confidentiality and not disclose the information without the required authorisation, unless there is a legal or professional obligation to do so.