Expectations for internal audit: What a good control environment looks like

Expectations for internal audit: What a good control environment looks like

By Gilles Artaud, Group General Inspection – Supervisor, Crédit Agricole SA

Interview ahead of the Model Risk Management Europe Summit
**Disclaimer: The opinions stated in the article do not represent the opinions of Crédit Agricole S.A.**
Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

I’ve been working in investment banking for the last 25 years. Starting in Quant / IT teams in the 1st line of defence (Front Office), I moved to 2nd line of defence (Risk) to lead topics mostly model-based on Credit, CCR, XVA, IM and increasingly regulatory topics. I’m now leading the 3rd line of defence Model Audit for Group Inspection Générale within Group Crédit Agricole SA.

My current challenge is transforming and re-inventing model audit in the light the transformation and set-up in the recent years of Model Risk Management framework in organisations. This re-foundation shall integrate impact of digital transformation and new technologies (among others increasing IA approaches and emerging quantum computing).

What for you are the benefits of attending a conference like the Model Risk Management Summit and what can attendees expect to learn from your session?

I know I’ll come back in Paris with a better knowledge of best practice and incoming challenges on MRM.

In my session, I’ll share what I learned and experienced while validating and the auditing Models and Model Risk Management frameworks in different entities.

I’ll make sure to save some time, during and after the session, for questions and further exchanges. This is the most interesting parts for me as a speaker, the part I will be able thanks to your questions to challenge and improve my approach!

What key considerations need to be made when coordinating third line with regulators?

Specifically on the model issues, 3rd line was initially a validation (or re-validation function). Then it moved to challenging not only models but also the whole Model Risk Management framework. Regulators and supervisors often leverage on 3rd line to ensure the quality of the models in place, and also the appropriateness of new models which will be submitted to their validation (refer to Nov 2018 ECB documents for illustration). 3rd line Model Audit must find a position to create value for in the organisation not only as and intermediate step between internal validation and supervision, it shall neither be a re-validation nor a pre-IMI or pre-TRIM function.

In your opinion, how can we look to effectively benchmark with industry peers for new models set up?

Each organisation is different, so the appropriate set-up might be different for each organisation, especially depending on how much centralised or de-centralised it is, history and culture. Nevertheless, benchmarks can be useful to provide some reference points and new ideas. Exchanging best practice and increasing awareness of peer’s approaches is the best way to improve set-up globally. This seminar is a good move in the right direction!

What are the challenges and opportunities of auditing model risk?

As models are very different and more and more everywhere within an organisation, model risk audit is the opportunity to approach face-to-face different models using different techniques in widely different business lines and entities.

First thoughts: knowing you’ll face very different models in each mission, if you want to be efficient and not waste time re-inventing approach for each model, you need a very strong and structured framework with detailed audit guides, and stick to it. Model Risk of course raises more frequently when models are weak or governance not satisfying.

On one side, a very structured audit approach and detailed guides are required.

On the other side, Model Risk is mostly coming out of “unknown unknowns”, “black swans” and other weird animals which are by definition the ones you can’t predict easily and the ones varying the most between models and business lines. You need to keep an open mind, capacity for surprise and astonishment and sense of awe. You must be as flexible as possible and able to adapt your approach and re-invent questions in each mission.

Challenge is to find the right balance in meeting both constraints: very structured approach, without being prisoner of your guides!

How do you see the impact of Model Risk evolving over the next 6-12 months?

I expect event more increased awareness of Model Risk issues. Rapid development of new technologies, Fintechs, increased automatism, new regulatory requirements on these models with also a focus on Ethic (c.f. EC and UNESCO recent publication) will create challenges we don’t even forecast as of today.

Meet Gilles Artaud at…

Sign up for your free Risk Insights account: