Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
The head of the unit is responsible for preparing the annual internal audit plan and its implementation schedules, and for seeking approval from the Audit Committee. When preparing the plan, a thorough risk assessment should be undertaken (considering inputs from executive management). The plan can be part of a multi-year plan, in which case it should be reviewed and updated annually aiming to respond to changes in the sector and in the bank's risk profile, or more frequently, throughout the year, to enable continuous and real-time assessment of areas where significant risks may arise.
47-
The annual audit plan should include a list of business units and activities subject to audit and risk assessment, with well-prepared documentation to ensure a systematic audit approach.
48-
In implementing the annual audit plan, audit work programs must include detailed audit procedures for each business unit subject to review, with sufficient clarifications regarding the scope of its relevance, surveys, and ensure coverage of all potential key or significant risks, control elements, and regulatory supervisory instructions. It should be taken into account that the assessment and analytical skills of internal auditors are essential to ensure a high quality of internal audit.
49-
A list of all supervisory expectations from the audit units must be compiled, and this requirement should be stipulated in their policy or procedures. This list, along with the required areas in the comprehensive audit framework, should serve as sources among others, such as the audit cycle, the bank’s most significant risks, new or emerging risk areas, and so on, for developing the annual internal audit plan. The frequency of audits, wherever specified by SAMA, must exceed the internal risk assessment conducted by the audit unit.
50-
Adequate resources must be available to support the unit in performing its duties, in accordance with the annual internal audit plan.
51-
The unit should periodically conduct a self-assessment of specific requirements from SAMA and other regulatory bodies. Capabilities should be developed, and sufficient resources allocated to these areas, ensuring adequate space for them in the internal audit plan.
