Risk Assessment Methodology
| No: 43037826 | Date(g): 1/12/2021 | Date(h): 26/4/1443 | Status: In-Force |
Translated Document
Effective from 2022-01-01 - Dec 31 2021
To view other versions open the versions tab on the right
| 45- | The risk assessment methodology should include the following: | ||
| 45-1 | Documented and detailed guidelines that outline and assist internal auditors in classifying risks when preparing each observation. | ||
| 45-2 | Documented and detailed guidelines for assessing risks in the overall audit report. | ||
| 45-3 | Identification of quantitative and qualitative factors necessary to facilitate understanding and consistent application by audit staff. | ||
| 45-4 | Classification of internal violation reports from the bank—of which the audit unit should receive copies—based on their risk level and the extent of compliance with reaching the competent authority in the bank and their documentation. | ||
| 45-5 | All instances of non-compliance with central bank instructions should be classified as high risk unless the non-classification is supported by specific justifications approved by the compliance unit. These justifications should be based on a risk classification mechanism that includes the size and impact of the non-compliance. | ||