3-1 The general purpose of these principles is to establish the minimum requirements necessary for the internal audit function to perform efficiently and optimally within a unified, comprehensive, and robust framework. This framework serves as a tool to enhance self-regulation and lay the foundations for performing internal audits and improving the bank's operations and activities. The methods for implementing these principles depend on various factors, including the size of the bank, the complexity of its operations, its geographical scope, regulatory framework, and the instructions it operates within.

3-2 The primary objectives of these principles are:
    1) To protect the bank's assets, continuously ensure the soundness, adequacy, and effectiveness of processes, and the accuracy and reliability of reports, especially financial reports prepared for various purposes and stakeholders. This includes instilling confidence in these reports, enhancing the data contained within them, and protecting the interests of stakeholders.
    2) To enhance compliance with the requirements of regulatory and supervisory authorities, ensuring that the bank and its employees adhere to laws, regulations, and instructions.

3-3 The internal audit function represents the third and final line of defense in the three lines of defense model. It is directly accountable to the Board and Audit Committee on a continuous and ongoing basis for evaluating and confirming the adequacy and effectiveness of governance, risk management, and control processes, as well as the policies and procedures implemented by the first and second lines of defense. This line of defense enhances confidence in and contributes to the improvement of these processes through a structured risk-based approach, optimizing resource use by directing audit activities towards the bank's most significant and high-risk areas. It performs these activities objectively, considering the defined strategies and goals. The importance of this line of defense is bolstered by its independence, which strengthens its objectivity and credibility, ensures proactive effectiveness, provides new insights, identifies future impacts, and promotes appropriate ethics and values, thereby giving executive management reasonable assurance that policies and procedures align with defined expectations.

3-4 These principles do not alter the requirements imposed on banks by other relevant regulations, laws, and instructions.

3-5 The Central Bank has issued several instructions related to internal audit requirements, and these principles should be read alongside them, as applicable, including but not limited to:
    1) The principal governance principles for financial institutions under the Central Bank's supervision and control.
    2) Principles of conduct and business ethics in financial institutions.
    3) Compliance principles for banks and commercial banks operating in the Kingdom of Saudi Arabia.
    4) Anti-Money Laundering and Counter-Terrorism Financing Guide.
    5) Banking Account Rules.
    6) Regulatory rules for the operation of self-regulation units and committees.
    7) Principles of financial fraud prevention in banks operating in the Kingdom.
    8) Islamic Governance Framework for local banks operating in the Kingdom.
    9) Internal Whistleblowing Policy for financial institutions.
    10) Risk Management Instructions.
    11) Third-Party Assignment Instructions.
    12) Information Security Regulatory Guide.
    13) Business Continuity Regulatory Guide.
    14) Information Technology Governance Regulatory Guide.

3-6 The internal audit function is subject to international attention, with various international bodies and organizations issuing guidance on it. These should be referenced and consulted, including but not limited to:
    1) Basel Committee on Banking Supervision (BCBS).
    2) Institute of Internal Auditors (IIA).
    3) Committee of Sponsoring Organizations of the Treadway Commission (COSO).