The objective of the Internal Audit function is to independently examine and evaluate the activities and assist the management in discharging their responsibilities, as a service to the Audit Committee. The Internal Audit Department will furnish them with analysis, recommendations, advices and reports concerning the activities examined.
The scope of the Internal Audit function includes the review of all activities of Company.
Areas to review include:
- adequacy of risk monitoring systems
- reliability and integrity of financial and other operating information
- adequacy and effectiveness of systems and controls
- compliance with policies, plans, procedures, laws and regulations
- safeguarding of assets
- economical and efficient use of resources
- effectiveness of functions against stated objectives and strategies
Internal Audit has a close relationship to, and may be involved with other evaluative and improvement functions, such as:
- special investigations;
- risk management; and
- corporate governance
The Head of Internal Audit is authorised to produce a plan/program of Internal Audit. In completing the plan/program, the internal auditor(s) are given full, free and unrestricted access to all facilities, records, information, property and personnel for the purposes of that audit.
The Head also should attend the management meetings to:
- report and update the progress of the Internal Audit Department
- grasp some knowledge of the development of the departments within the organisation
- give opinion (when necessary) on any issues highlighted
5. Organisational Relationships and Independence
5.1 Internal Audit Management and Staffing
The Head is responsible for the Internal Audit function and reports to the Group CEO with dotted line reporting to the Audit Committee. (Refer the attached Organization Chart)
In the case of engaging other staff within the group of companies, the permission of his/her manager will be required. In the case of engagement of a consultant, formal contractual arrangements are to be set in place in accordance with the company’s procedures. The Chairman of the Audit Committee must also be informed.
5.2 Relationship with Line Management
To preserve its independence and in order that it operates with objectivity, no staff involved in Internal audit shall have direct responsibility for, nor authority over, any of the activities subject to its review.
The conduct of an audit or the provision of advice by the internal auditors does not in any way diminish the responsibility of line management for the proper execution and control of their activities.
5.3 Relationship with the Audit Committee
The overall role of the Audit Committee Council is stipulated in its Terms of Reference. Its role as it relates specifically to the Internal Audit function includes:
- approval and review of the Internal Audit Plan;
- receiving, making comment on and, where appropriate, forwarding to the Board of Directors without amendment, the Internal Audit reports on major audits;
- considering and reviewing difficulties encountered with the conduct of internal audits and any restrictions placed on the scope of work or access to required information or personnel;
- ensuring that recommendations highlighted in internal audit reports are acted upon by management; and
- overseeing the Internal Audit function to ensure it is adequately resourced.
5.4 Relationship with External Audit
The Head will liaise with the External Auditors to:
- foster a co-operative and professional working relationship;
- reduce the incidence of duplication of effort;
- ensure appropriate sharing of information; and
- co-ordinate the overall audit effort.
In particular, the Head shall:
- discuss the annual Internal Audit Plan with the External Auditor to facilitate External Audit planning;
- make all Internal Audit working papers and reports available to the External Auditor;
- receive copies of all External Audit communications to Management;
- gain a knowledge of the External Audit program and methodology; and
- provide liaison, where appropriate, between External Audit and Management for the purpose of resolution of differences.
6. Competence and Standards
The Head of Internal Audit has to ensure that internal auditor(s) possess appropriate qualifications and experience in order to carry out internal audits with due care and skill.
The internal auditor(s) are to operate in accordance with the standards and practice statements issued by the Institute of Internal Auditors and other relevant professional bodies. They are also to observe the Code of Ethics of the Institute of Internal Auditors, which foster high standards of honesty, objectivity, diligence and loyalty.
6.3 Quality Assurance
The Head of Internal Audit is to maintain a process of review of the Internal Audit function to provide reasonable assurance that its work conforms with the relevant standards and with the requirements of this Charter. The review process is to be ongoing and is to include adequate supervision of work performed.
7. Audit Process
The audit process is to follow a planned approach based upon risk assessments. The planning framework comprises the following:
- An Internal Audit Annual Plan, which consists of objectives, priority, timing and resource requirement is to be prepared for each year, approved by Audit Committee
- An individual audit plan/program prepared for each audit review, approved by the Head of Internal Audit.
Audit working papers contain the principal evidence to support the Internal Audit report and they provide the basis for review of Internal Audit work. The internal auditor(s) are to employ an audit methodology, which requires the production of working papers, which document, at least, the following:
- examination and evaluation of the adequacy and effectiveness of internal controls;
- the audit procedures employed, the information obtained and the conclusions reached;
- reporting; and
Prior to the commencement of reviews, the Head of Internal Audit will normally advise the auditee on the audit purpose, scope and expected timing of the work. However, in the case of special investigations such prior notification may not be given where doing so may jeopardise the success of the investigation. In such an event, the prior approval of the Group CEO is required.
During the conduct of reviews, internal auditors are to consult, orally and/or in writing, with relevant staff to:
- ensure information gathered is accurate and properly interpreted
- allow auditee to make clarification to ensure the formation of a balanced judgment;
- ensure recommendations are cost effective and practicable; and
- keep auditee informed on the progress of the audit.
A written report is to be prepared, and issued by the Head of Internal Audit. The reports are to be submitted to the Group CEO, with copies to the Audit Committee and the auditee.
Audit reports are to include the coverage of:
- audit objectives;
- scope of coverage;
- conclusions on all key issues identified;
- recommendations; and
- action agreed upon (management response).
A follow-up report will be prepared for every audit after a maximum of six months from the finalisation of the initial audit report.
As well as providing reports on audits, the Head of Internal Audit will provide the Group CEO and the Audit Committee, with periodic reports on progress in terms of the Internal Audit Plan other significant matters.
8. Amendment of Charter
Amendment of this Charter is subject to the approval of Audit Committee.