The Department Director shall develop a risk-based internal audit plan and the timetable for its implementation. The plan must be approved by the Audit Committee and updated annually, provided that it includes the following, as a minimum:
a.
It provides risk assessment and identifies the resources needed to implement the plan.
b.
It takes into account the inputs of the Executive Management and what is received from the Board during the development of the plan.
c.
It considers the expectations of the Executive Management, the Board, and Stakeholders in the Company relating to internal audit functions.
d.
It provides a list of business units and activities that are subject to audit during the year, which must include as a minimum: the risk management, compliance, collection, and credit departments (at least annually) and the customer care department (semi-annually), taking into account that the audit of the customer care department and the collection department does not apply to real estate refinance companies.
e.
It accepts advice aimed at improving risk management and operational processes in the Company, and it reflects the advice taken.
