To accomplish the objectives stated above, the Internal Audit Department of the Group will perform the following:
1. Develop a risk-based internal audit plan. The plan will cover audit of each Unit and departments within ABG taking into consideration the goals and objectives of the Group. This plan addresses two key areas: (1) risk assessment results and (2) Internal Audit resources. This plan should be submitted annually to the Group Board Audit Committee for its prior approval.
2. Review of policies and procedures.
3. Review the systems established to ensure compliance with these policies, plans, procedures, and guidelines, which could have a significant impact on operations.
4. Review the adherence to these group policies and procedures, and to codes of conduct.
5. Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
6. Appraise the economy and efficiency with which resources are employed.
7. Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
8. Review of the bank's capital in relation to its estimate of risks (CAR).
9. Assess and evaluate the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
10. Review of the electronic information system and electronic banking services (IT audit).
11. Review compliance with regulatory requirements (CBB regulations, local central bank regulations, UN regulations, and international practices for prevention of financial crimes and terrorism).
12. Review compliance with best international practices of Corporate Governance.
13. Providing independent appraisals and recommendations regarding the ability of each Unit to comply with applicable policies, plans, procedures, laws, and regulations with the aim of adequately safeguarding assets; using resources economically and efficiently; and accomplishing established objectives and goals through:
a) Conducting or participating in audits of profit and support centers within Head Office and at each Unit. The audit scope can include the following:
o Risk Assets reviews. This covers mainly credit review of the financing portfolio on a sampling basis, which includes credit transactions / financings to Corporate, financings to Small & Medium entities, Retail financings, exposures to Financial Institutions, Sovereign exposures, Sukuks, Investment & Trading portfolios if any. This also includes the review of Trade Finance activities, Letters of Guarantee and other Commitments and other banking services. This also covers the operational control aspects relating to processing and monitoring of these facilities / transactions. It also covers review of the credit process. Horizontally, the review covers the whole cycle from initiation (the approval process) till expiry (repayments) of these transactions.
o Internal Controls within the Unit as a whole and other Support departments. It includes the review of the internal audit function, internal control function, financial control, risk management function, and others. However, it does not cover the work of the HR and Admin department, unless a need arises.
o IT Audit. This audit is carried out by an IT auditor, who is part of the internal audit team of ABG. The review is based on best practice controls and the basic standards of ISO/17799/2700x. It covers the review of controls in the core-banking system, and any other separate ancillary system used, such as HR system, Trade Finance, E-Banking services, Windows, PCs, Internet, and the website of the unit. A separate audit report for this is issued and is included in the overall audit report of each unit.
o Corporate Governance & Compliance Audit. As part of the audit, a review of corporate governance practices and compliance with regulations is carried out. This will cover Corporate Governance best practices, and a review of compliance with Local regulations, CBB regulations, UN regulations, and international practices for the prevention of money laundering and financial crimes. This will cover regulations issued by OFAC of USA and the EU, the purpose of which is to distance the group from any possible accusation of non-compliance with these regulations, which could prevent the group from dealing in the currencies of these countries. The work will cover in particular regulations relating to AML/CFT, Sanctions, FATCA, and any similar new regulations such as the new CRTs.
o Risk Management. This will cover a review to evaluate the governance of the Board Risk Committee and the Risk management function of each unit.
o Site audit visits of branches. A small number (between two and four) of branches will be selected and audited if operational risk is covered within the audit scope. The audit will be on-site.
o Follow-up of issues raised in our previous audits. Monthly follow-up will be conducted by the follow-up auditor on audit reports to ensure timely implementation of audit findings and to report such status to management.
o Scope. The scope of internal auditing shall encompass the examination and evaluation of the adequacy and effectiveness of the internal controls and the quality of performance in carrying out assigned responsibilities. The scope of each individual audit will be determined prior to commencement of such audits. The scope will be based on a risk assessment of each Unit and of each department within Head Office.
b) Conducting special audits or special consultations/reviews requested by the Board of the Unit, by the Board of the Group, or by the GCEO. Such assignments will be conducted if they do not interrupt the audits already scheduled under the internal audit plan in a way that leads to cancellation of any scheduled audit already approved by the audit committee. If such a request would lead to cancellation of any audit assignment, the approval of the audit committee must be obtained.
c) Investigating reported or suspected occurrences of fraud, embezzlement, theft, waste, and otherwise, and recommending controls to prevent and/or detect such occurrences.
14. Providing independent appraisals with recommendations regarding resource sharing, with an emphasis on program results and the economic and efficient use of resources.
15. Preparing an annual summary of all Internal Audit committee activities to be presented to the Board of Directors of the Group through the Group Board Audit Committee.