Implementation of Internal Audit Strategy Over Activities Related to Outsourcing of Processes in Banks

Abstract

The use of third party services has become one of the main instruments for banks in achieving their strategic goals and business. The decision on externalization, ie outsourcing of business processes depends on many factors, and it is motivated primarily by retaining key processes in the organization, lower costs, aspirations towards highly skilled personnel and better efficiency of employees, as well as greater capital inflows, cooperation with world institutions and other benefits. On the other hand, outsourcing carries with it a number of risks that can endanger the business of the institution and which particularly come to terms with the expansion of the digitization process. As a result, this process is in banks under the strict control of the internal audit body and the risk management system. Implementation of the internal audit strategy over the outsourcing process implies its active participation in decision-making on the engagement of third parties, as well as the revision of already externalized processes. The latest regulatory changes in the area of internal control (new COSO framework) were made precisely in order to establish mechanisms for adequate risk management, with emphasis on the risk in dealing with third parties, thus enhancing the role of internal audit. The subject of the research is the critical points of outsourcing regarding their risk to the banks operations, as well as the activities and scope of work of the internal audit on this process, before and after introduction of the so-called „three lines of defense“. The aim of the research is to (1) point out practical problems in outsourcing processes in banks that lead to hidden costs of doing business; (2) clearly present the steps of internal audit in the process of identifying, preventing and removing these problems, but also its other activities in the critical segments of outsourcing, and (3) through practical techniques and methods, bring closer the new function of internal audit as a significant factor in supporting the management in achieving the strategic goals of the bank. This work contributes to a better understanding of the role of internal audit in the risk management process of outsourcing, which aims to indicate the necessity of its activities at all stages of the process in order to minimize operational risk.