Principle (7): Scope of the Unit's Work
| No: 43037826 | Date(g): 1/12/2021 | Date(h): 26/4/1443 | Status: In-Force |
Effective from 2021-12-01 - Dec 31 2021
To view other versions open the versions tab on the right
| 62- | The general scope of the unit includes every unit in the bank and its affiliated entities (that do not have independent audit units or committees), covering all activities, operations, products, and services of the bank, as well as the limited specialized tasks that may be outsourced to external service providers, including the review and assessment of the effectiveness of the internal control system, risk management, governance, compliance, and supervisory requirements, as well as consulting services. The unit should evaluate the entire bank, including branches and affiliated entities. | ||
| 63- | The unit is responsible, independently within its scope and work plan, for evaluating the following: | ||
| 63-1 | The effectiveness and adequacy of internal control functions, risk management, and governance in the context of current and potential future risks, including committees. | ||
| 63-2 | The procedures established by business units and support units. | ||
| 63-3 | The reliability of management information system policies and procedures, including data relevance, accuracy, completeness, availability, confidentiality, and comprehensiveness. | ||
| 63-4 | The level of compliance with regulations, policies, and internal procedures of the bank. | ||
| 63-5 | The adequacy and effectiveness of asset protection procedures. | ||
| 63-6 | The adequacy and effectiveness of all reports and their preparation mechanisms. | ||
| 64- | Participate, upon request, in internal investigations that do not conflict with the unit's scope, duties, and responsibilities, as deemed necessary by the head of the unit. The audit committee should be provided with reports on such investigations. | ||
| 65- | In applying its scope of activities, the unit must cover regulatory and supervisory topics of significance in its audit plan according to the specified deadlines for each requirement or on at least an annual basis, unless the risk assessment for units requires a shorter period, for the following activities: | ||
Risk Management Unit
| 66- | The unit should primarily include the following in its plan concerning the Risk Management Unit: | ||
| 66-1 | Its organization and powers, including market, credit, liquidity, interest rate, operational, legal risks, and any other risks. | ||
| 66-2 | Assessment of risk tolerance, escalation of issues and decisions, and reporting on them. | ||
| 66-3 | The adequacy of policies and procedures for identifying, measuring, assessing, monitoring, and addressing emerging risks from the bank's activities, and reporting on them. | ||
| 66-4 | The integrity of its information systems, including the accuracy, reliability, and completeness of data used. | ||
| 6-5 | The approval and maintenance of risk models, including verifying the consistency, timeliness, independence, and reliability of the sources of information used in these models. | ||
| 66-6 | The degree of significant differences between its views and those of the executive management regarding the level of risks facing the bank. | ||
| 66-7 | The compliance of all business units and their employees with the internal authority matrix of the bank, and ensuring no authority is exceeded. | ||
Capital and Liquidity
| 67- | The unit must address all requirements of the regulatory framework for capital and liquidity within its scope of activities, particularly: | ||
| 67-1 | The internal capital adequacy assessment document and the internal liquidity assessment document. | ||
| 67-2 | Regulations for determining and measuring the bank's regulatory capital, assessing the adequacy of its capital resources relative to risk exposures, and the minimum indicators approved. | ||
| 67-3 | The process for conducting stress tests for capital and liquidity levels, considering the frequency of such tests, their purpose, the reasonableness of hypothetical scenarios, assumptions used, and the reliability of procedures. | ||
| 67-4 | The bank's instructions and procedures for measuring and monitoring liquidity conditions relative to its risk register, external environment, and minimum regulatory (supervisory) requirements. | ||
Regulatory (Supervisory) and Internal Reporting
| 68- | Evaluate the effectiveness of the process through which the Risk Unit and the relevant reporting unit communicate for issuing accurate, timely, and reliable reports, whether internally or for regulatory (supervisory) purposes. |
Compliance Unit
| 69- | Assess the scope of activities of the Compliance Unit and evaluate the effectiveness of its execution of responsibilities related to compliance risks. |
| 70- | Cooperate with the Compliance Unit in following up on tasks, responsibilities, and activities requested by the central bank from the audit unit, as specified in terms of format and timing. |
Governance
| 71- | Study the scope of governance activities at the bank, focusing on: | ||
| 71-1 | Evaluating the effectiveness of the unit responsible for governance in executing its responsibilities. | ||
| 71-2 | Reviewing all governance-related policies and procedures within the bank to ensure they align with regulations, rules, instructions, and updates, and assessing their implementation and effectiveness. | ||
| 71-3 | Ensuring the bank's compliance with all regulations from local supervisory authorities related to governance. | ||
| 71-4 | Ensuring the presence of an effective control system to prevent fraud within the bank. | ||
| 71-5 | The process of appointing bank representatives in its subsidiaries and ensuring there are policies and procedures governing this. | ||
Finance Unit
| 72- | The audit unit should include the following aspects in its scope of work: | ||
| 72-1 | The organization and powers of the Finance Unit. | ||
| 72-2 | The adequacy and integrity of financial data and the financial systems, instructions, and procedures, including the identification, monitoring, measurement, and reporting of key data (e.g., profit or loss, financial instrument valuations, provisions), including necessary changes in accordance with international accounting standards and international financial reporting standards. | ||
| 72-3 | The approval and maintenance of pricing models, including verifying the consistency, timeliness, independence, and reliability of information sources used in these models. | ||
| 72-4 | The controls in place to prevent and detect violations. | ||
| 72-5 | Controls on the balance sheet, including reconciliation processes and procedures (e.g., adjustments), regulatory tasks and activities, and other ongoing activities that the audit units must review periodically, as documented in the comprehensive audit procedures and framework, along with the required compliance timing. Examples include, but are not limited to: information security (cybersecurity), business continuity, anti-money laundering and counter-terrorism financing, dormant accounts, and others currently and in the future. | ||