| Title of the PPR
Internal Audit Charter
Board of Directors
9 March 2017
Current Document: Board of Directors Decision No. BD-2017-64-08, dated 9 March 2017
Previous Document: The Board of Directors Decision No. BD-2008-13-01, dated 6 August 2008
| Related Policies and Information
|| Establishment of the Audit Committee
Internal Audit Charter
Continuity, Independence and Objectivity
Review of the Charter
This Charter primarily aims to define and establish the mission, scope, authority, responsibilities, and position of Internal Audit (IA) function within the ECO Trade and Development Bank (the Bank) which is carried out by the Internal Audit Department (IAD).
Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve the Bank’s operations. It helps the Bank accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The IA is to ensure that the Bank’s operations are conducted according to the highest professional standards by providing an independent, objective assurance function and advising on the Board of Governors’ (BoG) and Board of Directors’ (BoD) resolutions, and the Bank’s policies, procedures, and decisions (collectively “regulations”) by examining and evaluating that;
- risk exposure, relating to the Bank’s objectives, is accurately identified, reviewed and reported,
- the Bank’s resources and assets are appropriately accounted and safeguarded and employed in an economic, effective and efficient manner,
- the financial, operational, accounting and other management information systems in the Bank are sufficient, accurate and reliable,
- the appropriate risk management procedures and methodologies are established, applied and reviewed,
- the functions and activities of the Bank (lending, finance, portfolio and treasury operations, risk management, and all other operational activities, including human resource and administrative services functions) are performed with respect to the regulations and applicable standards,
- The Bank’s risk management, governance and internal control processes are effective and monitored.
For the efficient discharge of its responsibilities, the IAD is authorized to;
- enter all areas of the Bank and have full, free, and unrestricted access to Bank’s functions, systems, documents, records, property, and personnel of the Bank considered necessary for the performance of its functions where full, free, and unrestricted access means “within the approved audit plan and/or ad hoc tasks” assigned by the Audit Committee and the President (collectively “audit assignments”),on every internal audit assignment, require all members of staff and management to supply such information and explanations as may be needed within a reasonable period of time,
- have full, free, and unrestricted access to the Audit Committee and the President, and
- obtain the necessary assistance from personnel of the Bank where it performs audit assignments upon approval by the respective Division Head, as well as other specialized services from outside the Bank if IAD deems necessary.
IAD staffs have no authority over any of the activities and operations reviewed or personnel involved.
The IAD provides objective analyses, appraisals, recommendations, and pertinent comments concerning the activities that it reviews to the Bank’s Audit Committee and the President.
In line with this Charter, the responsibilities, which are also the departmental job description, of the IAD are:
- to prepare an annual risk-based internal audit (RBIA) plan consistent with the Bank’s goals. The audit planning framework shall be prepared after interviewing departments such as Compliance, Risk Management, Financial Control, Project Implementation and Monitoring and Treasury including any risks or control concerns identified by the Audit Committee and the President,
- to request a written approval from the Audit Committee, in consultation with the President, on any major changes in the audit plan,
- to implement the annual audit plan and execute timely delivery of audit assignments in the plan,
- to assure that functions and activities audited are performed properly with respect to the regulations and applicable standards,
- to examine that significant financial, managerial, and operating information is accurate, reliable, and timely,
- to review the adequacy of risk, control and governance processes to ensure compliance with policies, plans, procedures, and business objectives,
- to examine that resources are acquired economically, used effectively and efficiently, and protected, adequately,
- to assess the means of safeguarding assets,
- to examine that risks are appropriately identified and managed within each internal audit assignment and to provide recommendations,
- to follow up and appraise the adequacy of the actions taken by the Bank on recommendations on previous audit reports to make sure that effective and adequate remedial actions are taken and advising the Audit Committee of the risk(s) assumed of not taking corrective actions on reported findings,
- to keep the Audit Committee and the President informed of emerging trends, successful practices, and significant measurement criteria in internal auditing,
- to meet and/or issue periodic reports to the Audit Committee and the President of the Bank summarizing the result of the audit activities, and
- to perform consulting services related to internal audit, control, risk management, and governance processes,
- to ensure that the IAD staff possesses the knowledge, skills and other competencies needed to perform their duties.
The internal audit process, however, does not relieve departmental heads and staffs of their responsibility for the maintenance and improvement of internal controls in their respective areas.
Continuity, Independence and Objectivity
The IA shall be permanent function within the Bank. To ensure the independence, the IAD shall be directly and functionally responsible to the Audit Committee, and administratively to the President.
In this context, functional accountability means that the Audit Committee shall;
· approve the audit plan in consultation with the President,
· receive communications from the Head of IAD on the results of the internal audit activities or other matters that s/he determines to be necessary,
· provide opinion and comments on the internal audit charter whenever it is to be amended, and
· determine whether there are scopes or budgetary limitations that impede the ability of the IAD to execute its responsibilities.
Administrative accountability is the relationship of the IAD within the organization's management structure that facilitates day-to-day operations of the internal audit activity and provides appropriate interface and support for effectiveness. Administrative reporting typically includes as approving annual leave and so on.
On the basis of the audit plan and ad hoc assignments, the internal audit activity shall remain free from any interference by any element in the organization. The Head of IAD shall confirm to the Audit Committee, at least annually, the organizational independence of the internal audit activity. For the purpose of the independence of the IAD, the appointment and removal of IAD Head shall be executed with the Audit Committee’s prior approval. Furthermore, performance appraisal of the IAD Head shall be conducted by the Chairman of the Audit Committee in consultation with the President.
The IAD must have an impartial, unbiased attitude and avoid any conflict of interest. To maintain objectivity, IAD is not involved in day-to-day operations and control procedures. Instead, each business unit is responsible for its operations and internal control. The IAD and its staffs are not authorized to perform any operational duties for the Bank and initiate or approve accounting transactions external to IAD.
· Calendar Year
The calendar year for the Internal Audit activities is from the end of the BoG annual meeting in a given year to the same meeting in the next year, when the annual Audit Committee Report is submitted to the BoG by the Audit Committee.
There are two kinds of reports; the Internal Audit Report (Audit Report) and the ad hoc report(s) prepared by the IAD.
Audit planning is an essential area of the audit mainly conducted at the beginning of audit process to ensure that appropriate attention is devoted to important areas, potential problems are promptly identified, and work is properly coordinated and completed expeditiously. Therefore the IAD shall prepare an annual audit plan in draft, which shall be based on a documented risk-assessment. The audit plan shall be finalized not later than one (1) month before the scheduled BoG Annual Meeting.
This draft plan shall explicitly mentions, among others, the priorities and the clear subject and objective of the audit work, the detailed schedule for running the audit, the field works necessary to achieve the audit objective and resource requirements.
The Head of the IA shall communicate the draft audit plan to Management Committee for review before submitting it to the Audit Committee. The audit plan shall be finalized and approved by the Audit Committee in consultation with the President and a copy of the approved audit plan shall be communicated to the Management Committee.
· Carrying out the audit works in the approved audit plan
§ Announcement Letter/e-mail
The Head of the departments to be audited shall be informed by an Announcement Letter/e-mail, at least one one week before the audit begins, where the President and/or the respective Division Head(s) is/are on CC. This letter shall communicate the source of the authorization, scope and objectives of the audit, the planned schedule, the information/documents requested and relevant information.
§ Initial (kick-off) Meeting
The internal auditing starts with an initial meeting with the department head to be audited. The audited department head describes the audit subject and provides a general explanation on the department.
The internal auditor performs the auditing with respective to the relevant regulations and the information provided in the initial meeting. As the fieldwork progresses, the internal auditor discusses any significant findings with the department heads. The fieldwork stage concludes with the list of findings, if any, from which the internal auditor shall prepare a draft of the audit report.
§ Draft Audit Report
The draft audit report, which mentiones the findings, conclusions, recommendations necessary by disclosing all material facts known to the the internal auditor, after the appoval by the Head of the IAD, shall be distributed to the heads of the departments audited. The department heads shall have the opportunity to respond within seven (7) workdays after receiving the report. In the response, the department should explain how report findings will be resolved and include an implementation timetable. The draft report, after the audited department responses, shall be distributed to the related division head(s) and the President by following the hierarchical sequence to provide their responses to the draft report, each within seven (7) workdays, on which previous response(s) is/are included, too. The Management Committee may choose to respond with a decision not to implement an audit recommendation and to accept the associated risks. In case of such event, the issue should be placed before BoD in its next scheduled meeting.
§ Finalization of the Audit Report
The final report, signed by the audited department heads, the IAD Head, the related division head(s) and the President shall be distributed by the IAD to the audited department heads, related division head(s), the President and the Audit Committee members.
· Ad Hoc Assignments
The IAD may, on a written decision of the Audit Committee or the President, carry out ad-hoc assignments on specific issues. Assignment of an ad hoc task by the Audit Committee or the President is non-delegable. The IAD can not perform any ad hoc task by itself without authorisation by the Audit Committee or the President. If the Head of IAD considers an immediate necessity for the examination of an activity/issue, which was not planned before then s/he shall apply to the Audit Committee or President in writing for the necessary authorization with the documented proof of the request in terms of necessity, urgency, associated risk and the targeted achivement. In case the approval is granted by the Audit Committee, the President shall also be informed.
· Working paper documentation
Working papers of the audit assignments shall be kept in custody for five years by the IAD. All kinds of document submitted to the IAD during an audit assignment not via emailing shall be initialed by the department head or the staff of interest. E-records of the working papers would however be preserved for ten years.
The IAD shall perform an annual follow-up review to verify the resolutions of the findings listed the issued Audit Report within one year after the Audit Report has been finalized and submitted to the related parties as described in the preceeding related section.
IAD adheres to the standards of best professional practice, such as International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of The Institute of Internal Auditors (IIA) and the relevant reports and recommendations of the Basel Committee on Banking Supervision of The Bank for International Settlements (BIS).
Review of the Charter
This Charter shall be reviewed by the Head of the IAD once a year and the results shall be provided to the Audit Committee and the Management Committee.
Upon the request by the Audit Committee, an external assessment of the performance of the Internal Audit Department may be undertaken.