Skip to main content
Entire section Custom print Text Only Rich Text Print

7.2 Internal Audit

N 35/2018 STA
  1. 7.2.1Appointment of Internal Auditor
    1. a)The Licensed Person must appoint an Internal Auditor who is responsible to carry out regular audits across all aspects of its business; and
    2. b)The Internal Auditor must possess sufficient knowledge and appropriate experience to deal with all issues related to internal audit.
  2. 7.2.2Scope of the Internal Audit
    1. a)The Licensed Person must have an Internal Audit Charter, that clearly states the purpose, scope and reporting lines of the Internal Auditor;
    2. b)The Internal Audit Charter must be reviewed by the Audit Committee and then approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
    3. c)The Internal Auditor must adhere to relevant auditing standards and code of ethics that are applicable to the internal audit profession;
    4. d)All business activities of the Licensed Person, core functions, non-core functions, branches, Head Office, Management Office (if any), reconciliation process, unreconciled items, unclaimed funds, liquidity, capital adequacy, etc. must be covered under the scope of internal audit in addition to the AML and regulatory compliance;
    5. e)The Internal Auditor must be given access to employees, data and records which may reasonably be required to fulfil all responsibilities;
    6. f)The Internal Auditor must be informed, on a timely basis, of any changes in the applicable Regulations, the Standards and the Licensed Person’s policies or procedures;
    7. g)The Internal Auditor must prepare the Annual Internal Audit Plan after discussing with the Audit Committee and obtain the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
    8. h)The Annual Internal Audit Plan must contain timelines for each internal audit, internal audit reporting deadlines, allocation of resources, areas to be audited, follow up audit plans etc.;
    9. i)Internal audits must be performed in accordance with the Annual Internal Audit Plan and the Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that internal audit findings are addressed in a timely manner; and
    10. j)The Internal Audit Charter and Plan must be reviewed by the Audit Committee at the end of each year to assess the effectiveness of the internal audit function and a summary of such reviews must be presented to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
  3. 7.2.3Internal Audit Reporting Lines
    1. a)The Internal Auditor must report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
    2. b)Copies of all internal audit reports and corrective actions taken by the Manager in Charge must be available for verification by the Central Bank Examiners.
  4. 7.2.4Independence and Conflict of Interest
    1. a)The Internal Auditor’s role must be handled by a dedicated resource and must not be combined with any other function of the Licensed Person; and
    2. b)The Internal Auditor must bring any matter affecting their independence such as creating any conflict of interest or limiting the scope of internal audit, restricting access to any information, etc. to the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).