2- Definitions
| No: 43037826 | Date(g): 1/12/2021 | Date(h): 26/4/1443 | Status: In-Force |
Effective from 2021-12-01 - Dec 31 2021
To view other versions open the versions tab on the right
The following terms wherever they appear in these principles are intended to have the meanings specified next to each of them, unless the context requires otherwise:
| Term | Definition |
| central bank | Saudi Central Bank. |
| Bank | Local commercial banks and financial institutions licensed to conduct banking operations in the Kingdom. |
| Board | Board of Directors of the bank. |
| Audit Committee | One of the committees formed by the council, established by a decision from the ordinary general assembly |
| Executive Management | The bank's senior management, who are responsible for managing the bank's daily operations, proposing strategic decisions, and implementing them. |
| Unit | The internal audit unit in the bank, which is overseen by its head and staff responsible for internal auditing tasks and responsibilities |
| Head of the Unit | The person responsible for managing the unit. |
| Internal Auditors | The staff in the unit responsible for carrying out the tasks and responsibilities of internal auditing. |
| Principles. | Principles of internal auditing for local banks operating in the Kingdom of Saudi Arabia. |
| Internal Audit Function | An independent evaluation activity that provides objective assurance and consulting services on the quality, adequacy, and effectiveness of the bank's internal control system. This involves a systematic, organized approach to auditing accounting, financial, operational processes, and more, and assessing and improving governance, risk management, and control effectiveness. |
| Internal Audit Policy | The official document approved by the Board that defines and clarifies the unit's purpose, scope of activity, organizational position, functional and administrative references, responsibilities, authority, relationships with other units, and the principles and methodology the bank follows regarding internal control. It also grants access to records, staff, and physical assets necessary to perform its duties. |
| Regulations and Rules | The regulations and rules that apply to the banking sector and its members. |
| Instructions | All that is issued by the central bank in its supervisory and regulatory capacities over the banking sector, as well as what is issued by relevant authorities in terms of regulations, rules, principles, frameworks, guidelines, and mandatory circulars |
| Independence. | Free from circumstances and conditions that affect the unit's ability to perform internal auditing tasks and responsibilities in a professional, objective, and unbiased manner. |
| Conflict of interest. | The situation or situations in which the head of the unit and its staff have, or appear to have, a direct or indirect interest or relationship in a matter under consideration by this person/people: for the purpose of making a decision regarding it, such that this interest or relationship prevents or leads to the belief that it has hindered their ability to express their opinion or make their decision independently, impartially, and objectively, without regard to this interest or relationship. |
| Objectivity | Neutral professional behavior based on facts that enables internal auditors to perform their tasks in a way that assures them of the quality of their work and its desired outcomes, without any substantial interference or influence from outside the unit affecting its quality or being swayed by personal beliefs and emotions |
| Consulting services. | These are the consultations carried out at the specific request of one of the units in the bank |
| First line of defense. | Business units responsible for identifying, assessing, and managing the risks of their activities early and continuously, and accepting those risks within acceptable limits. |
| Second line of defense | Regulatory units and support units such as risk management, compliance, legal, Sharia (if applicable), finance, and technology related to business units, responsible for verifying through a comprehensive and systematic perspective that the business units in the first line of defense have appropriately identified and managed their business risks |
| Third line of defense. | The internal audit unit – the unit responsible for independently and objectively evaluating and confirming the adequacy and effectiveness of governance, risk management, controls, policies, and procedures implemented by the first and second lines of defense, enhancing confidence in them, and providing the executive management with reasonable assurance that the policies and procedures align with the specified expectations |
| Stakeholders | All those with a direct interest in the unit, specifically: the board, the audit committee, executive management, business units in the bank, external auditors, external consultants, and others. Indirectly, this includes: shareholders, investors, and clients. |