|Title of the PPR
Internal Audit Charter
Board of Directors
6 August 2008
The Board of Directors Decision No. BD2008-13-01, dated 6 August 2008
|Establishment of the Audit Committee |
Internal Audit Charter
Independence and Objectivity
Continuity and Impartiality
This charter primarily aims to define and establish a) The formal mission statement of Internal Audit and Compliance department (IAC) of the ECO Trade and Development Bank (Bank), b) The purpose, authority, and responsibilities of IAC, and c) the IAC position within the Bank, its independence and accountability.
The mission of IAC is to ensure that the Bank’s operations are conducted according to the highest professional standards by providing an independent, objective assurance function and by advising on best practice. Through a systematic and disciplined approach, IAC helps the Bank accomplish its objectives by evaluating and improving the effectiveness of risk management, internal control, compliance, and governance processes. It provides the Bank’s Audit Committee (Audit Committee) and the President with objective analyses, appraisals, recommendations, and pertinent comments concerning the activities that it reviews.
IAC aims to promote effective controls at reasonable cost. To achieve this, IAC is authorized, in the course of its activities, to:
• enter all areas of the Bank and have full, free, and unrestricted access to all levels of management, Bank’s internal- including Board of Director (BoD)- meetings, Bank’s functions, systems, the documents and records, property, and personnel of the Bank considered necessary for the performance of its functions;
• require all members of staff and management to supply such information and explanations as may be needed within a reasonable period of time;
• have access to the Audit Committee and the President;
• obtain the necessary assistance of personnel in units of the Bank where they perform audits, as well as other specialized services from within or outside the Bank.
The IAC and its staff are not authorized to:
• perform any operational duties for the Bank;
• initiate or approve accounting transactions external to IAC.
The scope of work of IAC is to determine whether the Bank’s risk management, internal control systems, information systems and governance processes are adequate and functioning in a manner to ensure that:
• risks are appropriately identified and managed;
• significant financial, managerial, and operating information is accurate, reliable, and timely;
• review the adequacy of controls established to ensure compliance with policies, plans, procedures, and business objectives;
• resources are acquired economically, used efficiently, and adequately protected;
• assess the means of safeguarding assets;
• review established procedures and systems and propose improvements;
• follow up on recommendations to make sure that effective remedial action is taken;
• carry out ad hoc appraisals, investigations, or reviews requested by the Audit Committee or the President;
• develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by the President;
• implement the annual audit plan including, as appropriate, any special tasks or projects requested by the Audit Committee or the President;
• evaluate and assess significant merging/consolidating of functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion;
• keep the Audit Committee and the President informed of emerging trends, successful practices, and significant measurement criteria in internal auditing;
• identify and report to the Audit Committee and the President actual and potential weakness in the systems of internal control where it exists, and recommend feasible ways to remedy it;
• maintain a team that collectively possesses the necessary knowledge, skills, and disciplines for the achievement of the IAC activities. In cases of special need, IAC resources may be implemented by: (a) assistance of other suitable staff within the Bank, and (b) the engagement of consulting services;
• issue periodic reports on a timely basis to the Audit Committee and to the President of the Bank summarizing the result of the Audit activities.
The internal audit process, however, does not relieve departmental heads and staff of their responsibility for the maintenance and improvement of internal controls in their respective areas.
Independence and Objectivity
To ensure the independence, IAC is directly and functionally responsible to the Audit Committee, and administratively to the President.
To maintain objectivity, Internal Audit is not involved in day-to-day control procedures. Instead, each business unit is responsible for its internal control.
The Head of IAC, in the discharge of his/her duties, shall be accountable functionally to the Audit Committee, and administratively to the President. IAC Head shall send copy of his/her reports that are sent to the Audit Committee to the President. The main functions of the IAC Department include but are not limited to:
• provide annually an assessment on the adequacy and effectiveness of the Bank’s processes for controlling its activities and managing its risks in the areas set forth above under “Purpose”;
• report significant issues related to the processes for controlling the activities of the Bank, including potential improvements to those processes, and provide information concerning such issues;
• furnish the annual audit plan and periodically provide information on the status and results of the annual audit plan and the sufficiency of IAC’s resources;
• coordinate with and monitor the results of work performed by, other control and monitoring functions (e.g., risk management, security, ethics, evaluations, and external audit);
• perform financial, accounting, administrative, information technology, and operational audits in a systematic and selective manner to provide adequate audit coverage over an appropriate period;
• review the systems of internal controls maintained by the Bank to safeguard its financial and physical assets, verifying the existence of related assets, ascertaining high risk areas, and recommending alternative approaches to correct any weaknesses;
• maintain a continuing program for reviewing the effectiveness of lending and technical assistance activities in order to ascertain whether results are consistent with established Bank policies, objectives and goals;
• review the reliability, accuracy, and integrity of financial and operating information systems and related policies, plans, procedures, and records in order to appraise their adequacy regarding the intended objectives;
• appraise the adequacy of the action taken by the President on recommendations to correct reported internal control weaknesses and/or deficient conditions and advises the Audit Committee and the President of the risk(s) assumed of not taking corrective action on reported findings;
• continue direct communications with appropriate management staff members on corrective actions considered inadequate until the matter has been satisfactorily resolved.
In this context, functional accountability means that the Audit Committee would:
• approve the internal audit risk assessment and related audit plan;
• receive communications from the Head of IAC on the results of the internal audit activities or other matters that he/she determines to be necessary, including private meetings with him/her without management present;
• approve the charter of the internal audit function;
• determine whether there are scopes or budgetary limitations that impede the ability of the internal audit activity to execute its responsibilities.
Administrative accountability is the relationship of the IAC within the organization's management structure that facilitates day-to-day operations of the internal audit activity and provides appropriate interface and support for effectiveness. Administrative reporting typically includes:
• budgeting and management accounting;
• internal communications and information flows;
• administration of the organization's internal policies and procedures.
Continuity and Impartiality
• Internal Audit within the Bank shall be a permanent function.
• IAC shall be objective and impartial in performing its assignment.
• Objectivity and impartiality entails that the internal audit department itself seeks to avoid any conflict of interest.
For the purpose of the impartiality and independence of the IAC Department, the appointment and removal of IAC Head shall be executed in accordance with the Bank’s internal regulations, but in consultation with the Chairman of the Audit Committee. Furthermore, personnel evaluation (performance appraisal) of the IAC Head shall be conducted by the Audit Committee.
IAC adheres to the standards of best professional practice, such as International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of The Institute of Internal Auditors (IIA) - www.theiia.org- and the relevant reports and recommendations of the Basel Committee on Banking Supervision of The Bank for International Settlements (BIS) - www.bis.org.