Section One: Definitions, General Provisions and Scope of Application
1. Definitions
For the purpose of applying the provisions of these Principles, the following terms and phrases, wherever mentioned in this document, shall have the meanings assigned to them unless the context otherwise requires.
Term
Definition
SAMA
The Saudi Central Bank.
Principles
The Internal Audit Principles for Finance Companies and Real Estate Refinance Companies.
Law
The Finance Companies Control Law.
Regulations
The Implementing Regulation of the Finance Companies Control Law.
Company
The finance companies and the real estate refinance companies licensed by SAMA.
Board
The Company’s board of directors.
Executive Management
Individuals who run the Company’s daily business, propose and implement strategic decisions, and are considered senior management.
Department
The internal audit department whose director and employees assume internal audit duties and responsibilities in the Company.
Department Director
The person in charge of the internal audit department in the Company.
Internal Auditors
The employees in the Department who are primarily in charge of internal auditing.
Internal Audit Functions
An independent function that provides assurance and objective consulting on the quality, adequacy and effectiveness of the Company’s internal control system. This is achieved by following a systematic and disciplined approach to review the accounting, financial and operational processes, among others, and evaluate and improve the effectiveness of governance, risk management and control processes.
Internal Audit Policy
A formal document prepared by the Department Director and approved by the Board. It contains the items mentioned in Principle 7.
Independance
The freedom from conditions that threaten the ability of the Department to carry out its duties and responsibilities in a professional, objective and unbiased manner.
Objectivity
The unbiased, fact-based professional attitude that allows Internal Auditors to perform their duties in such a manner that they believe in their work product. Additionally, the freedom from material interference or influence from outside the Department or from one’s ideology and personal feelings.
Conflict of Interest
The situation(s) in which the Department Director/Internal Auditor directly or indirectly has an interest or relation in a subject under consideration where they have to make a decision. Such interest or relation may affect the objectivity, independence or impartiality of their decision.
First Line
Business units in charge of identifying, assessing and managing their activity risks in early stages and on an ongoing basis, and take such risks within permissible limits.
Second Line
control and support units, such as risk management, compliance, legal and Sharia (if any), financial and IT departments related to business units that are responsible for comprehensively and systematically ensuring that the business units in the First Line have identified and are effectively managing their business risks.
Third Line
The internal audit department that is responsible for providing independent and objective assurance and advice on the adequacy and effectiveness of governance, risk management, oversight, controls, policies and procedures implemented by the First and Second Lines and boosting confidence in them as well as providing the Audit Committee with reasonable assurance that the policies and procedures are in line with established expectations.
Stakeholders
Anyone who has a direct or indirect interest in the Department, in particular: the Board, Audit Committee, Executive Management, business units, external auditors, external consultants, shareholders, investors and customers.
Laws
The laws that apply to the Company and its employees.
Instructions
All binding regulations, rules, principles, frameworks, guidelines and circulars issued by SAMA, in exercise of its role as a regulatory and supervisory authority, and other competent entities.
2. General Provisions
2.1 These Principles are aimed to:
a. Enhancing internal control and improving the Company's operations and business, taking into account that the methods by which these Principles are applied depend on many factors, including the Company’s size, type, and nature and complexity of business.
b. Setting the minimum requirements to enable the Department to perform its tasks efficiently and optimally.
2.2 These Principles shall not prejudice the requirements imposed on the Company under relevant laws, regulations and instructions, including but not limited to the following:
- The Finance Companies Control Law and its Implementing Regulations.
- The Real Estate Finance Law and its Implementing Regulations.
- The Rules on Outsourcing for Finance Companies.
- The Anti-Fraud Rules for Finance Companies.
- The Rules Governing Real Estate Refinance Companies.
- The Rules for Engaging in Debt-Based Crowdfunding.
- The Rules for Regulating Buy-Now-Pay-Later (BNPL) Companies.
- The Key Principles of Governance in Financial Institutions under the Control and Supervision of SAMA.
- The Code of Conduct and Work Ethics in Financial Institutions.
- The Requirements for Appointments to Senior Positions in Financial Institutions Supervised by SAMA.
- The Cyber Security Framework.
- The Information Technology Governance Framework.
- The Whistle Blowing Policy for Financial Institutions.
2.3 Best local and international internal audit standards issued by relevant entities must be followed in a manner that does not contradict these Principles and the instructions issued by SAMA.
- The Finance Companies Control Law and its Implementing Regulations.
3. Scope of Application
3.1 The provisions of these Principles shall apply to finance companies and real estate refinance companies.
3.1 The Provisions of these Principles shall serve as a guide to finance support companies and financial lease contract registration companies. SAMA may, at any time, require applying all or some of these Principles.