Head Audit Welcome Remarks
thank you for veiwing
SME Internal Audit Charter
Bank Perusahaan Kecil & Sederhana Berhad
(SME Bank)
Internal Audit Charter
1. PURPOSE
The Internal Audit charter serves as a guide to the Internal Audit Department of SME Bank in the performance of its duties. It intend s to provide a basis for management and the Audit Committee to use in evaluating the operations of the Internal Audit function.
2. MISSION
To provide the Audit & Examination Committee (AEC) an independent, objective, and comprehensive auditing of the Bank’s operations; to advance accountability through the provision of assurance and consulting services; and to proactively work with the management in identifying risks, evaluating controls, and making recommendations that promote economical, efficient, and effective delivery of the Bank’s services.
3. INDEPENDENCE
To provide for the independence of the Internal Audit Department, its personnel report to the VP Internal Audit, who reports to the functionally to the Audit & Examination Committee and administratively to the Managing Director. The VP Internal Audit will meet privately at least once every fiscal quarter, with the Audit Committee. In addition, the VP Internal Audit will have direct access to the Audit Committee and will take directly to the Chair of the Audit Committee, any matter that is believed to be of sufficient magnitude and importance to require immediate attention of the Audit Committee.
To maintain its independence, the Internal Audit Department will have no direct operational responsibility or authority over any of the activities under scope. Accordingly, it will not develop nor install systems or procedures, prep are records, or engage in any other activity that would normally be audited.
4. OBJECTIVITY
To maintain objectivity, AEF shall:
a. Avoid any conflict of interest situations arising, whether real or perceived, either from their professional or personal relationship in the organisation or activity which is subject to audit;
b. Have no authority or responsibility over any unit being audited;
c. Not engage personnel in areas where it may be reasonable to construe that their independence would be impaired; and
d. Act only in an advisory capacity.
5. SCOPE AND ROLE OF IA
The core function of IA is to perform an independent appraisal of SME Bank’s activities as a service to the Board and Management. The IA function is responsible to review, appraise and recommend improvements to the internal control systems established by Management.
The IA function will contribute to the achievement of SME Bank’s overall goals and objectives through the provision of timely, independent and impartial advice as to whether activities reviewed are:
a. In accordance with SME Bank’s policies and direction;
b. In compliance with prescribed laws and regulations; and
c. Achieving the desired results efficiently, effectively and economically.
The IA function shall play a participative and consultative role in assisting Management to accomplish SME Bank’s objectives and goals. The IA objective also includes promoting effective control while maintaining operational efficiency. The IA function will accomplish this by adopting better practices and will keep abreast of new developments affecting their work and in matters affecting SME Bank’s activities.
6. RESPONSIBILITIES OF THE IA FUNCTION, MANAGEMENT AND AUDITEE
A meaningful IA process requires strong cooperation between the IA function, Management and the Auditee. Each party’s responsibilities in this regard include the following:
The IA function
a. The IA function is responsible for operating under the policies established by the Audit & Examination Committee and the guidelines on minimum audit standards for internal auditors as promulgated by the Institute of Internal Auditors, Malaysia, Bank Negara Malaysia and other relevant guidelines.
b. The IA function does not have executive responsibility for any of the activities, which it audits. Members of the IA function will play a participative and consultative role in assisting management to accomplish SME Bank’s objectives and goals but not assume executive responsibility for the design, operations and control of any procedures.
c. The IA function is not responsible for detecting frauds, errors, omissions and other irregularities, but should be vigilant and alert where auditee’s operations substantially deal with cash transactions or involve high risk activities. An investigation is warranted if there is sufficient evidence or indication that fraud or material irregularities are likely to occur with the approval from the Audit & Examination Committee.
Management
a. Management is responsible for establishing and maintaining a strong system of internal control, related accounting and operational policies and records, and other management information systems for reporting and management purposes.
b. Management is responsible for ensuring the IA function has:
i. The support of Management and the Board and communicates this support within their units;
ii. Unrestricted access to all records, personnel and physical properties of SME Bank, relevant to the performance of IA functions; and
iii. Direct access and freedom to report to senior management (including the Managing Director and Audit & Examination Committee).
c. Management is responsible for the prevention and early detection of fraud, errors, omission and other irregularities through the implementation and continued operation of a strong system of internal control.
d. Management is responsible for deciding the action to be taken on the outcome of or findings from IA work.
Auditee
a. The Auditee should cooperate fully with the IA process by providing unrestricted access to facilities, records, information and personnel.
b. The Auditee should respond in writing, in a timely manner, to all audit recommendations. Disagreements with recommendations or alternative solutions to identified findings are often acceptable. Each response should contain an estimated implementation date.
As far as practicable, the Auditee should implement agreed-upon corrective action programs.
7. SCOPE AND AUTHORITY OF THE IA FUNCTION
There is no restriction placed upon the scope of the IA’s work. The internal auditors are authorised to have full, free and unrestricted access to all departments, their personnel, records and physical property. Documentation and information provided are subject to appropriate levels of security and confidentiality.
IA reviews will include operational, financial and compliance reviews. The scope of these reviews will be based on Management’s assessment of operational and financial risk. Coverage should focus on high-risk areas and stress internal control assessments.
The IA’s work will normally include but is not restricted to: -
a. Assist Management in identifying and assessing the operational and financial risks and the internal controls instituted.
b. Perform an independent appraisal on the systems established by Management to ensure compliance with applicable policies, plans, procedures, laws and regulations.
c. Review the means of safeguarding assets as appropriate, verifying the existence of such assets.
d. Review operations to ascertain whether results are consistent with established objectives and goals and whether the operations are being carried out as planned.
e. Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information.
f. Appraise the economy, efficiency and effectiveness which resources are employed.
g. Conduct special audit assignment and investigative work, management audits and information system audits.
h. Follow-up work on IA reports to ascertain whether matters, which require addressing, have been rectified and corrective actions taken are effective.
8. PLANNING
The IA function will submit an annual IA plan setting out the recommended scope of their work for the year to the Audit & Examination Committee for approval. The plan will detail all significant areas to be covered and contain an estimate of the resources required to carry out the planned procedures and their scheduled timing and duration.
9. AUDIT STANDARDS AND ETHICS
All audit work shall meet the auditing, professional standards and codes of ethics promulgated by the Institute of Internal Auditors Malaysia. Each member of the IA function is expected to consistently demonstrate high standards of conduct and ethics as well as appropriate judgment, independence and discretion. Members will maintain a professional image and protect Auditee confidence and confidential information.
10. QUALITY ASSURANCE
The IA function shall establish and maintain a programme of quality assurance designed to evaluate the operations of the IA function. This programme shall include training, supervision, internal and external reviews.
The IA function shall be proficient in applying generally accepted auditing and accounting standards, applicable laws and regulations, guidelines and directives issued by regulatory authorities, and
11. RELATIONSHIP WITH MANAGEMENT
The IA function will form an integral part of the management and will provide independent assurance on the adequacy, efficiency and effectiveness of the internal control systems implemented by Management and forms an integral part of the management process.
12. RELATIONSHIP WITH THE EXTERNAL AUDITORS
The IA function will coordinate its activities with those of the external auditors in order to optimise audit coverage while minimising cost.
(SME Bank)
Internal Audit Charter
1. PURPOSE
The Internal Audit charter serves as a guide to the Internal Audit Department of SME Bank in the performance of its duties. It intend s to provide a basis for management and the Audit Committee to use in evaluating the operations of the Internal Audit function.
2. MISSION
To provide the Audit & Examination Committee (AEC) an independent, objective, and comprehensive auditing of the Bank’s operations; to advance accountability through the provision of assurance and consulting services; and to proactively work with the management in identifying risks, evaluating controls, and making recommendations that promote economical, efficient, and effective delivery of the Bank’s services.
3. INDEPENDENCE
To provide for the independence of the Internal Audit Department, its personnel report to the VP Internal Audit, who reports to the functionally to the Audit & Examination Committee and administratively to the Managing Director. The VP Internal Audit will meet privately at least once every fiscal quarter, with the Audit Committee. In addition, the VP Internal Audit will have direct access to the Audit Committee and will take directly to the Chair of the Audit Committee, any matter that is believed to be of sufficient magnitude and importance to require immediate attention of the Audit Committee.
To maintain its independence, the Internal Audit Department will have no direct operational responsibility or authority over any of the activities under scope. Accordingly, it will not develop nor install systems or procedures, prep are records, or engage in any other activity that would normally be audited.
4. OBJECTIVITY
To maintain objectivity, AEF shall:
a. Avoid any conflict of interest situations arising, whether real or perceived, either from their professional or personal relationship in the organisation or activity which is subject to audit;
b. Have no authority or responsibility over any unit being audited;
c. Not engage personnel in areas where it may be reasonable to construe that their independence would be impaired; and
d. Act only in an advisory capacity.
5. SCOPE AND ROLE OF IA
The core function of IA is to perform an independent appraisal of SME Bank’s activities as a service to the Board and Management. The IA function is responsible to review, appraise and recommend improvements to the internal control systems established by Management.
The IA function will contribute to the achievement of SME Bank’s overall goals and objectives through the provision of timely, independent and impartial advice as to whether activities reviewed are:
a. In accordance with SME Bank’s policies and direction;
b. In compliance with prescribed laws and regulations; and
c. Achieving the desired results efficiently, effectively and economically.
The IA function shall play a participative and consultative role in assisting Management to accomplish SME Bank’s objectives and goals. The IA objective also includes promoting effective control while maintaining operational efficiency. The IA function will accomplish this by adopting better practices and will keep abreast of new developments affecting their work and in matters affecting SME Bank’s activities.
6. RESPONSIBILITIES OF THE IA FUNCTION, MANAGEMENT AND AUDITEE
A meaningful IA process requires strong cooperation between the IA function, Management and the Auditee. Each party’s responsibilities in this regard include the following:
The IA function
a. The IA function is responsible for operating under the policies established by the Audit & Examination Committee and the guidelines on minimum audit standards for internal auditors as promulgated by the Institute of Internal Auditors, Malaysia, Bank Negara Malaysia and other relevant guidelines.
b. The IA function does not have executive responsibility for any of the activities, which it audits. Members of the IA function will play a participative and consultative role in assisting management to accomplish SME Bank’s objectives and goals but not assume executive responsibility for the design, operations and control of any procedures.
c. The IA function is not responsible for detecting frauds, errors, omissions and other irregularities, but should be vigilant and alert where auditee’s operations substantially deal with cash transactions or involve high risk activities. An investigation is warranted if there is sufficient evidence or indication that fraud or material irregularities are likely to occur with the approval from the Audit & Examination Committee.
Management
a. Management is responsible for establishing and maintaining a strong system of internal control, related accounting and operational policies and records, and other management information systems for reporting and management purposes.
b. Management is responsible for ensuring the IA function has:
i. The support of Management and the Board and communicates this support within their units;
ii. Unrestricted access to all records, personnel and physical properties of SME Bank, relevant to the performance of IA functions; and
iii. Direct access and freedom to report to senior management (including the Managing Director and Audit & Examination Committee).
c. Management is responsible for the prevention and early detection of fraud, errors, omission and other irregularities through the implementation and continued operation of a strong system of internal control.
d. Management is responsible for deciding the action to be taken on the outcome of or findings from IA work.
Auditee
a. The Auditee should cooperate fully with the IA process by providing unrestricted access to facilities, records, information and personnel.
b. The Auditee should respond in writing, in a timely manner, to all audit recommendations. Disagreements with recommendations or alternative solutions to identified findings are often acceptable. Each response should contain an estimated implementation date.
As far as practicable, the Auditee should implement agreed-upon corrective action programs.
7. SCOPE AND AUTHORITY OF THE IA FUNCTION
There is no restriction placed upon the scope of the IA’s work. The internal auditors are authorised to have full, free and unrestricted access to all departments, their personnel, records and physical property. Documentation and information provided are subject to appropriate levels of security and confidentiality.
IA reviews will include operational, financial and compliance reviews. The scope of these reviews will be based on Management’s assessment of operational and financial risk. Coverage should focus on high-risk areas and stress internal control assessments.
The IA’s work will normally include but is not restricted to: -
a. Assist Management in identifying and assessing the operational and financial risks and the internal controls instituted.
b. Perform an independent appraisal on the systems established by Management to ensure compliance with applicable policies, plans, procedures, laws and regulations.
c. Review the means of safeguarding assets as appropriate, verifying the existence of such assets.
d. Review operations to ascertain whether results are consistent with established objectives and goals and whether the operations are being carried out as planned.
e. Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information.
f. Appraise the economy, efficiency and effectiveness which resources are employed.
g. Conduct special audit assignment and investigative work, management audits and information system audits.
h. Follow-up work on IA reports to ascertain whether matters, which require addressing, have been rectified and corrective actions taken are effective.
8. PLANNING
The IA function will submit an annual IA plan setting out the recommended scope of their work for the year to the Audit & Examination Committee for approval. The plan will detail all significant areas to be covered and contain an estimate of the resources required to carry out the planned procedures and their scheduled timing and duration.
9. AUDIT STANDARDS AND ETHICS
All audit work shall meet the auditing, professional standards and codes of ethics promulgated by the Institute of Internal Auditors Malaysia. Each member of the IA function is expected to consistently demonstrate high standards of conduct and ethics as well as appropriate judgment, independence and discretion. Members will maintain a professional image and protect Auditee confidence and confidential information.
10. QUALITY ASSURANCE
The IA function shall establish and maintain a programme of quality assurance designed to evaluate the operations of the IA function. This programme shall include training, supervision, internal and external reviews.
The IA function shall be proficient in applying generally accepted auditing and accounting standards, applicable laws and regulations, guidelines and directives issued by regulatory authorities, and
11. RELATIONSHIP WITH MANAGEMENT
The IA function will form an integral part of the management and will provide independent assurance on the adequacy, efficiency and effectiveness of the internal control systems implemented by Management and forms an integral part of the management process.
12. RELATIONSHIP WITH THE EXTERNAL AUDITORS
The IA function will coordinate its activities with those of the external auditors in order to optimise audit coverage while minimising cost.
