Risk-Based Internal Audit Plan
| No: 43037826 | Date(g): 1/12/2021 | Date(h): 26/4/1443 | Status: In-Force |
Translated Document
Effective from 2022-01-01 - Dec 31 2021
To view other versions open the versions tab on the right
| 46- | The head of the unit is responsible for preparing the annual internal audit plan and its implementation schedules, and for seeking approval from the Audit Committee. When preparing the plan, a thorough risk assessment should be undertaken (considering inputs from executive management). The plan can be part of a multi-year plan, in which case it should be reviewed and updated annually, or more frequently if necessary, to respond to changes in the sector and the bank's risk register, or to conduct a continuous and timely assessment of areas with significant risks. |
| 47- | The annual audit plan should include a list of business units and activities subject to audit and risk assessment, with well-prepared documentation to ensure a systematic audit approach. |
| 48- | The implementation of the annual audit plan should include detailed audit programs for each business unit subject to audit, with sufficient explanations regarding the scope of the audit. It should cover all fundamental or significant risks, control elements, and supervisory regulatory instructions. The assessment and analytical skills of internal auditors are essential to ensure high-quality internal audits. |
| 49- | A list of all supervisory expectations from audit units should be compiled and documented in the unit's policies or procedures. This list and the required areas within the comprehensive audit framework should serve as sources, among others, such as based on the audit cycle, major risks faced by the bank, new or emerging risk areas, etc., to develop the annual internal audit plan. The frequency of audits should exceed that set by the central bank and be based on the internal risk assessment conducted by the audit unit. |
| 50- | Adequate resources must be available to support the unit in performing its duties, in accordance with the annual internal audit plan. |
| 51- | The unit should periodically conduct a self-assessment of specific requirements from the central bank and other regulatory bodies. Capabilities should be developed, and sufficient resources allocated to these areas, ensuring adequate space for them in the internal audit plan. |