This is the Audit Charter of internal audit of ABG. This was initially approved by the Audit & Governance Committee (AGC) of ABG in its 9th meeting held 9 November 2008 in Cairo, and was revised and approved in its meeting of 22nd December 2016, and was approved by the Board on 22nd February 2017.
Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve the Group operations. It helps the Group accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Internal Audit Department is an integral part of ABG and functions under the policies established by senior management and the Board of ABG. The purpose, authority, and responsibility of the Internal Audit Department should be defined in a formal written document (charter). The head of the Internal Audit Department of ABG should seek approval of the document from the Audit & Governance Committee and senior management, in addition to its acceptance by the Board.
Internal auditing is a vital part of AlBaraka Banking Group (ABG) and functions in accordance with the policies established by the Board of ABG. Each subsidiary (Unit) of ABG is expected to have an Internal Audit Department, even if local authorities do not require it. Internal auditing is an independent appraisal function established within ABG to examine and evaluate its activities as a service to the Board of each Unit, and ultimately to the Board of ABG. The findings arising from the performance of this function, are highly relevant to the management of each Unit and the ABG. The internal auditors must have a high degree of independence and must not be assigned duties or engage in any activities that they would normally be expected to review or appraise.
The appointment of the head of Internal Audit department of ABG is the sole responsibility and discretion of the Audit & Governance Committee (AGC).
The President & Chief Executive (P&CE) can recommend to the AGC a candidate, or a list of candidates, he deems fit for the job.
The AGC will study the details of the candidates, make a shortlist of a number of the candidates, and will interview them, and will decide on a candidate it deems fit for the job. On consultation with the P&CE, the AGC will decide on the financial package to propose to the new candidate.
Similarly, the appointment of head of Internal Audit of each Albaraka subsidiary banks (Unit) is at the discretion of the Audit Committee of the respective Unit.
However, such appointment should be subject to consultation with the head of Internal Audit of ABG.
Prior approval of the Central Bank of Bahrain (CBB) must be obtained for the appointment of the head of Internal Audit Department of ABG.
The head of the Internal Audit Department of the ABG, reports functionally and directly to the Audit & Governance Committee of ABG. Administratively, the head of the Department reports to the President & Chief Executive (P&CE) of ABG.
The head of the Internal Audit Department of the ABG will be the secretary to the Audit & Governance Committee. As per the agreed annual schedule, or at the request of the Chairman of AGC, he will make invitations to all members of the Committee. After acceptance of the invitation by the majority of the members, he will propose an agenda for the meeting. Once the agenda agreed, he will prepare a file containing details of each agenda. The file should be ready and sent at least one week before the date of the meeting. He is responsible to draft the minutes of the meeting and submit it to all members for their initial approval. Once the initial approval is obtained from majority of the members, he should sign it and submit it to the Secretary of the Board for submission to the Board in its next meeting.
The mission of the Internal Audit Department is to assist the Board and the management of ABG in the effective discharge of their responsibilities. It will aim to furnish them with analyses, appraisals and recommendations concerning the activities reviewed by the Department. A further global objective is to promote effective controls at reasonable costs.
The overriding objectives of the Audit Department of ABG includes the following:
To provide the Board, and management, an independent and objective evaluation of the operations' controls, policies, and procedures at ABG and at each of its Units and evaluate the business performance of each function within ABG and of each Unit.
To provide the Board and management a view on the function of the internal audit departments in each Unit to ensure it exists and it is functioning effectively.
To provide the internal audit departments of each Unit assistance so that they can provide the management and the Board of the Unit and of ABG with independent, objective evaluations of operations, policies, procedures and controls.
Internal auditors should be independent of the activities they audit and they must therefore be permitted to carry out their work freely and objectively. Independence permits internal auditors to render an impartial and unbiased judgment essential to the proper conduct of audits.
The status of each Internal Audit Department within ABG and each of the Units should be sufficient to permit the accomplishment of its audit responsibilities. The head of the Internal Audit Department should have sufficient authority to promote and maintain independence and to ensure broad audit coverage, adequate proper appreciation of audit reports, and appropriate action on audit recommendations.
Objectivity is an independent mental attitude, which internal auditors should maintain in performing audits.
The staff of the internal audit department of ABG shall every year sign a testimony of their independence and declare any conflict of interests, financial or otherwise, of the Units and departments of ABG subject to their audit.
Difference in opinions between ABG internal audit department and local management of the units shall be finally resolved and referred to the AGC.
Internal Audit Department of ABG should have full, unrestricted, and free access to records, personnel, and assets subject to their audit, review, or investigation.
Internal Audit Department of ABG should have access to the human capital and other resources of internal audit functions of each Unit.
Internal Audit Department of ABG can seek and obtain external assistance should the requisite knowledge, skills, or competence not be available within the department.
Internal Audit Department of ABG must exercise discretion and confidentiality with regard to all operations and administrative procedures and/or any other information to which they become aware of during their audit.
The staff of Internal Audit Department shall not play any executive role whatsoever in ABG or in its Units. The staff of Internal Audit Department of ABG should be restricted from the followings;
Must not perform any operational duties,
Must not audit specific operations for which they were previously responsible, for which they had management responsibility in the previous one year.
Internal Auditors should not become involved in the design, installation, drafting procedures or operation of systems primarily, because such an involvement would be presumed to impair audit independence and objectivity.
Internal auditors are not to subordinate their judgment on audit matters to that of others.
To accomplish the objectives stated above, the Internal Audit Department of ABG, will do the followings;
Develop a risk-based internal audit plan. The plan will cover audit of each Unit and departments withing ABG taking into consideration the goals and objectives of the Group. This plan addresses two key areas (1) risk assessment results (2) Internal Audit resources. This plan should be submitted annually to the Audit & Governance Committee for its prior approval.
Carry out reviews to ensure compliance with Shari'a fatwas issued by the Unified Shari'a Board of ABG and of each Units' Shari'a Boards / Committees.
Review of policies and guidelines, and codes of conduct.
Review the systems established to ensure compliance with these policies, plans, procedures, guidelines, which could have a significant impact on operations.
Review the adherence to these group policies and guidelines, and to codes of conduct.
Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
Appraise the economy and efficiency with which resources are employed.
Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
Review of bank's capital in relation to its estimate of risks (CAR).
Assess and evaluate the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
Review of the electronic information system and electronic banking services (IT audit).
Review the compliance to regulatory requirements (CBB regulations, local central bank regulations, UN regulations, and international practices for prevention of financial crimes and terrorism).
Review compliance to best international practices of Corporate Governance.
Providing independent appraisals and recommendations regarding the ability of each Unit to comply with applicable policies, plans, procedures, laws, and regulations with the aim of adequately safeguarding assets; using resources economically and efficiently; and accomplishing established objectives and goals through:
Conducting or participating in audits of profit and support centers within ABG and at each Unit. Audits will be divided into the following areas;
Risk Assets reviews: This covers mainly credit review of financing portfolio on sampling basis, which includes credit transactions / financings to Corporate, financings to Small & Medium entities, Retail financings, exposures to Financial Institutions, Sovereign exposures, Sukuks, Investment & Trading portfolios if any. This also includes the review of Trade Finance activities, Letter of Guarantees and other Commitments and other banking services. This also covers the operational control aspects relating to processing and monitoring of these facilities / transactions. It also covers review of credit process. Horizontally, the review covers the whole cycle from initiation (the approval process) til expiry (repayments) of these transactions.
Internal Controls within the Unit as a whole and other Support departments. It includes the review of the internal audit function, internal control function, financial control, risk management function, and others. But, it does not cover the work of HR and Admin department, unless a need arises.
IT Audit. This audit is carried out by an IT auditor, who is part of the internal audit team of ABG. The review is based on best practice controls and the basic standards of ISO/17799/2700x. It covers the review of controls in the core-banking system, and any other separate ancillary system used, such as HR system, Trade Finance, E-Banking services, Windows, PCs, Internet, and the website of the unit. A separate audit report for this is issued and is included in the overall audit report of each unit.
Shari'a Audit. This audit is carried out by a Shari'a auditor, who is part of the internal audit team of ABG. The objective of this audit is to survey the efficiency and suitability of applied system to ensure Sharia compliance in the Unit. This review covers the rule of the Shariah Board of the unit, the activities of Shari'a compliance department, and activities of internal Shari'a audit. It also covers a review of the charters and procedures pertinent to Shari'a controls & products development. A review of samples of retail and commercial financing transactions granted by the unit such as Diminishing Musharaka, Istisna, Tijarah, Ijarah, Salam, Murabaha deals, and staff financings and rescheduled transactions. It covers the review of Sukuk, ordinary Shares and Treasury deals. It also includes staff training, review of Charity account, Qard Hasan, Zakah and follow up the previous findings. It also covers the review of profit distributions between shareholders and investors (depositors), dormant accounts and overdraft accounts. A separate Sharia audit report is issued, and a copy is presented to the Unified Sharia Board of ABG, and a copy to the Sharia Board of the Unit.
Corporate Governance & Compliance Audit. As part of the audit, a review of corporate governance practices and compliance to regulations is carried out. This will cover; Corporate Governance best practices, and a review of the compliance to Local regulations, CBB regulations, UN regulations, and international practices for the prevention of money laundering and financial crimes. This will cover regulations issued by OFAC of USA and the EU, the purpose of which is to distance the group from any possible accusation of non-respect to these regulations, which could lead to prevent the group from dealing in the currencies of these countries. The work will cover in particular regulations relating to AML/CFT, Sanctions, FATCA, and any similar new regulations such as the new CRTs.
Risk Management. This will cover a review to evaluate the work of Board Risk Committee and the Risk management function of each unit.
Financial Performance of each Unit / ABG Department. An appraisal of the financial performance of each Unit / ABG Department will be carried-out.
Site audit visits of branches. A few number (between two to four) of branches will be selected, and audited. The audit will be on-site.
Follow-up of issues raised in our previous audits. Inquiries and discussion will be made with management about the status of issues raised in our previous audits, but no specific audit tests will be carried out for this purpose.
Scope. The scope of internal auditing shall encompass the examination and evaluation of the adequacy and effectiveness of the internal controls and the quality of performance in carrying out assigned responsibilities. The scope of each individual audit will be determined prior to commencement of such audits. The scope will be based on a risk assessment which of each Unit and of each department within ABG.
Conducting special audits or special consultations requested by the Board of the Unit, by the Board of ABG, or by the P&CE of ABG.
Participating in manual and automated system designs as an advisor.
Investigating reported or suspected occurrences of fraud, embezzlement, theft, waste, and otherwise, and recommending controls to prevent and/or detect such occurrences.
Providing independent appraisals with recommendations regarding resource sharing, with an emphasis on program results and the economic and efficient use of resources.
Preparing an annual summary of all Internal Audit Department activities carried out by the department to be presented to the Board of Directors and the Audit & Governance Committee.
Maintaining a findings-tracking system for all issued report findings, following up on findings, on a quarterly basis, in respect of corrective action that has not yet been accomplished; and sending quarterly status reports of the Department findings tracking system to the Head of Audit of ABG which will also be included in summary form in a report to the Audit & Governance Committee of each Unit.
The Internal Audit Department should be available to carry out consulting services needed by the Board, Audit & Governance Committee, or by management. Prior approval for significant (requiring work of more than one week) consulting services requested by management should be obtained from the Chairman of AGC.
Consulting services are advisory in nature and are generally performed at the specific request the Board/Management.
Presently, the internal audit department is rendering the following consultancy services, which the AGC is aware of:
Review of ABG's Key Persons Register.
Report on MIP incentive plan for CEOs of Units.
Participating, as an observer, in Selection of new IT Core Banking system.
Whistleblowing. Acting as a point of contact, and reporting to AGC of any reported cases during the year.
The Internal Audit Department shall establish and maintain a program of quality assurance designed to evaluate the operations of the department. The purpose of this program is to provide reasonable assurance, to the Audit & Governance Committee of ABG that all work performed by the department conforms to the guidelines under which the department operates. This program should include supervision, training, and internal reviews.
Internal reviews should (depending on the level of the department staff) be performed by members of the department on a routine basis to appraise the quality of work performed by the Internal Audit Department of the Unit.
The internal audit department of ABG, as part of its activities in performing the audit on each Unit, will review the audit function of the said Unit to ensure compliance with the group policies and procedures and to monitor the effectiveness and efficiency of the departments.
The audit function of ABG should be reviewed by an external consultant, who is not the external auditor of ABG, once every five years. Before the start of such assignment, the AGC should be advised, which will seek the approval of the Board.
It is also highly recommended that each Unit's management should make the same arrangement from an external advisor who is not their auditor, to have a plan for review of the effectiveness of the Internal Audit Department.
The head of Internal Audit Department of each Unit shall be in continuous contacts with the Head of Internal Audit Department of ABG discussing significant issues and must keep him informed of any irregularities.
To enhance the follow up process of the audit findings arising from audits being carried out by the internal audit team of ABG, it is important that the audit department of ABG participate in the meetings of audit committee of each Unit. Another purpose of this is to ensure these audit committees function effectively.
Such participation can be in-person in at least half of the annual meetings, and participation in the other meetings can be through video-conference.
Head of the internal audit department of ABG will participation in these meetings. Due to the large of the total of these, the head of the department can delegate one of the two senior auditors to participate in such meetings, preferably, the senior who was in-charge of the last audit of the Unit.
A management follow committee was established by the President & Chief Executive of ABG. The role of the committee is restricted to follow up on audit observations raised by ABG internal audit department.
This Charter should be reviewed at least once every three years. Such review should be presented to the Audit & Governance Committee of ABG for approval.
This Charter should be made available to all the auditees in all Units, and to all heads of departments in ABG.
Staff of the Internal Audit Department of ABG should have access to this Charter.
This Charter should be made available in the website of ABG, and regularly updated.