
3. General Provisions

No: 43037826 Date(g): 1/12/2021 | Date(h): 26/4/1443 Status: In-Force

Translated Document

Effective from 2022-01-01 - Dec 31 2021

3-1 The general purpose of these principles is to establish the minimum requirements necessary for the internal audit function to perform efficiently and optimally within a unified, comprehensive, and robust framework. This framework serves as a tool to enhance self-regulation and lay the foundations for performing internal audits and improving the bank's operations and activities. The methods for implementing these principles depend on various factors, including: the size of the bank, the complexity of its operations, its geographical scope, regulatory framework, and the instructions it operates within.
3-2 The primary objectives of these principles are:
  1) To protect the bank's assets, continuously ensure the soundness, adequacy, and effectiveness of processes, and the accuracy and reliability of reports, especially financial reports prepared for various purposes and stakeholders. This includes instilling confidence in these reports, enhancing the data contained within them, and protecting the interests of stakeholders.
  2) To enhance compliance with the requirements of regulatory and supervisory authorities, ensuring that the bank and its employees adhere to laws, regulations, and instructions.
3-3 The internal audit function represents the third and final line of defense in the three lines of defense model. It is directly accountable to the Board and Audit Committee on a continuous and ongoing basis for evaluating and confirming the adequacy and effectiveness of governance, risk management, and control processes, as well as the policies and procedures implemented by the first and second lines of defense. This line of defense enhances confidence in it and contributes to the improvement of these processes through a structured risk-based approach, optimizing resource use by directing audit activities towards the bank's most significant and high-risk areas. It performs these activities objectively, considering the defined strategies and goals. The importance of this line of defense is bolstered by its independence, which strengthens its objectivity and credibility, ensures proactive effectiveness, provides new insights, identifies future impacts, and promotes appropriate ethics and values, thereby giving executive management reasonable assurance that policies and procedures align with defined expectations.
3-4 These principles do not alter the requirements imposed on banks by other relevant regulations, laws, and instructions.
3-5 SMA has issued several instructions related to internal audit requirements, and these principles should be read alongside them, as applicable, including but not limited to:
  1) Key Principles of Governance in Financial Institutions under the Central Bank's supervision and control.
  2) Principles of Conduct and Work Ethics in financial institutions.
  3) Principles of Compliance for Commercial Banks Operating in the Kingdom of Saudi Arabia.
  4) Anti-Money Laundering and Counter-Terrorism Financing Guide.
  5) Rules for Bank Account.
  6) Regulatory rules for the operation of self-regulation units and committees.
  7) Principles of financial fraud prevention in banks operating in the Kingdom.
  8) Shariah Governance Framework for local banks operating in Saudi Arabia.
  9) Whistleblowing Policy for financial institutions.
  10) Risk Management Instructions.
  11) Rules on Outsourcing.
  12) Cyber Security Framework.
  13) Business Continuity Management Framework.
  14) Information Technology Governance Framework.
3-6 The internal audit function is subject to international attention, with various international bodies and organizations issuing guidance on it. These should be referenced and consulted, including but not limited to:
  1) Basel Committee on Banking Supervision (BCBS).
  2) Institute of Internal Auditors (IIA).
  3) Committee of Sponsoring Organizations of the Treadway Commission (COSO).