Section Two: Duties and Responsibilities of the Board, Audit Committee and Executive Management toward Internal Audit
Principle 1: Duties and Responsibilities of the Board toward Internal Audit Function
1. Taking into account the Board’s duties and responsibilities contained in SAMA’s instructions and the relevant laws and regulations, the Board shall be responsible for the following:
a. Following up on any developments in SAMA’s internal audit laws, regulations and instructions.
b. Ensuring the independence of the internal and external auditors and the accuracy and integrity of the information and data to be disclosed in line with disclosure and transparency requirements.
2. Without prejudice to the Audit Committee's independence in performing its work separately from the Board’s work, the Board shall be responsible for the effective supervision of the Audit Committee and the follow-up on its work and duties.
3. In relation to the duties and responsibilities of the Executive Management toward internal audit, the Board shall be responsible for the following:
a. Ensuring that the Executive Management has established and maintained an appropriate, efficient and effective internal control framework that is able to identify, measure, monitor and manage all risks to which the company is exposed.
b. Reviewing the effectiveness and efficiency of the internal controls based on the information provided by the Audit Committee and Executive Management.
4. Taking into account the Board’s duties and responsibilities contained in SAMA’s instructions and other relevant instructions, the Board’s responsibilities toward the Department include ensuring the following on an ongoing basis:
a. All necessary measures are taken to ensure the independence and effectiveness of the Department and that its policy is regularly updated.
b. The Department’s human and financial resources are adequate and proportionate to the size and nature of the Company’s business based on the recommendation of the Audit Committee.
Principle 2: Duties and Responsibilities of the Audit Committee toward Internal Audit Function
1. Taking into account its duties and responsibilities contained in the relevant laws and instructions, the Audit Committee shall be responsible for the following:
a. Making recommendations to the Board on approving the Department’s organizational structure and reviewing it regularly as needed.
b. Making recommendations to the Board on the appointment, reappointment or dismissal of the Department Director and proposing their remuneration.
c. Following up on the implementation of the Department Director’s plan to attract human resources and evaluate its suitability, and ensuring the Department is appropriately staffed in terms of numbers, qualifications and skills according to the plan, taking into account that all employees of the Department as a whole have the necessary competencies to perform its tasks.
d. Reviewing and approving the internal audit plan prepared by the Department Director or the outsourced service provider, if any, including the scope of the plan and the allocated budget.
e. Reviewing internal and external audit reports and submitting recommendations in their regard to the Board.
f. Reviewing the Department's performance to verify its ability to perform its responsibilities independently and objectively.
g. Adopting KPIs for the Department Director and evaluating their performance.
h. Ensuring the Department Director’s integrity; ability to perform duties honestly, diligently, and responsibly; adherence to the laws, regulations, and instructions; and freedom from conviction of crimes that impinge on honor or integrity, unless they have been rehabilitated.
i. Ensuring that the Executive Management takes the necessary corrective measures in a timely and appropriate manner to address weaknesses in control and issues of compliance with policies, laws, instructions, and other violations, observations, and shortcomings that the Department identifies and makes recommendations on.
Principle 3: Duties and Responsibilities of the Executive Management toward Internal Audit Function
1. Taking into account its duties and responsibilities contained in the relevant laws and instructions, the Executive Management shall be responsible for the following:
a. Implementing internal control and risk management systems, including the conflict of interest policy, in addition to ensuring the effectiveness and efficiency of such systems and compliance with the risk level approved by the Board.
b. Granting the Department complete and exclusive authority to access records, reach individuals and systems, and be provided with information, data and clarifications necessary to perform its tasks in a timely and appropriate manner as described in the Internal Audit Policy.
c. Informing the Department of any developments, initiatives, projects, products, new operational changes, and any amendments to the Company's policies and procedures.
d. Ensuring that all relevant risks (known or expected) are identified and reported to the Department at an early stage.
e. Sharing its assessment of various risks with the Department to allow it to plan the audit according to the risk-based approach.
f. Taking appropriate measures and corrective actions in a timely and appropriate manner regarding all findings and recommendations received from the Department.
g. Encouraging the invitation of the Department representatives to attend the meetings of various administrative committees as a standing invitee without having the right to vote on decisions.
h. Adding an indicator to the performance indicators of the Executive Management that reflects its interaction with the Department’s feedback in the appropriate time and manner.