Principle (8): Relationship Between the Compliance Unit and the Internal Audit Unit

No: 42005223 Date(g): 15/9/2020 | Date(h): 28/1/1442 Status: In-Force

Translated Document

Internal Audit Activities

87-The activities and scope of the Compliance Unit should be subject to periodic review by the Internal Audit Unit.
 
 
Independence of Both Units
 
88-The Compliance Unit and the Internal Audit Unit should be separate and independent within the bank. One of the primary responsibilities of the Compliance Unit is to monitor the bank's adherence to compliance rules. The Internal Audit Unit has a broader scope of responsibilities. Although there may be some overlap between the responsibilities of the two units in certain areas, each unit operates independently and any overlap should not impact the functioning of either unit.
 
Review of Compliance Unit Activities
 
89-To assess the efficiency and effectiveness of the Compliance Unit, non-compliance risks should be included in the risk assessment methodology adopted by the Internal Audit Unit. A periodic review program of the Compliance Unit’s activities should be established, including testing controls that align with the level of potential risks, in accordance with the requirements of these principles.
 
Integration in Risk Assessment
 
90-It is important to have a clear understanding within the bank regarding how the activities of risk assessment and testing are divided between the two units, and this should be documented in the bank’s compliance policy. The Internal Audit Unit should inform the head of the Compliance Unit of the audit results related to compliance within the bank.
 
Monitoring the Compliance of the Internal Audit Unit
 
91-The Compliance Unit plays a crucial role in monitoring the compliance process within the bank, which includes overseeing that the Internal Audit Unit carries out the tasks, responsibilities, and activities as required by SAMA in the specified manner and timeframe.
 
Oversight from a Specific Perspective
 
92-To further clarify the roles of the Compliance Unit and the Internal Audit Unit as two independent entities: both units are responsible for overseeing the bank's activities, but each has its own perspective on oversight. The Compliance Unit focuses on identifying and clarifying the regulations, instructions, policies, and procedures that need to be implemented in the bank, ensuring that these are incorporated into the approved policies, procedures, and work programs, and continuously verifying that these policies and procedures are actually followed and effective in mitigating non-compliance risks, with regular updates. The role of the Internal Audit Unit involves conducting field and documentation audits on all bank units through sampling or comprehensive coverage, continually monitoring the internal control systems of the bank, and assessing compliance with the policies and procedures that the Compliance Unit has worked to implement and assisted in preparing, based on regulations, instructions, and guidelines.