Scope of Activity
HC-6.5.28
The scope of internal audit activities must include the examination and evaluation of the effectiveness of the internal control, risk management and governance systems and processes of the entire bank, including the bank's outsourced activities and its subsidiaries (including SPVs) and branches.
Added: April 2018HC-6.5.29
The internal audit function must independently evaluate the:
(a) Effectiveness and efficiency of internal control, risk management and governance systems and processes created by the business units and support functions in the context of both current and potential or actual emerging risks and provide assurance on these systems and processes;(b) Reliability, effectiveness and integrity of management information systems and processes (including relevance, accuracy, completeness, availability, confidentiality and comprehensiveness of data);(c) Monitoring of compliance with laws and regulations, including any requirements from the CBB; and(d) Safeguarding of assets.Added: April 2018HC-6.5.30
The head of internal audit must establish, prior to year-end an annual internal audit plan. It must be based on a robust risk assessment (including direct or indirect input from
senior management and the board).Added: April 2018HC-6.5.31
The audit committee's approval of the audit plan also requires that an appropriate budget will be available to support the internal audit function's activities.
Added: April 2018HC-6.5.32
The scope of the internal audit function's activities must ensure adequate coverage of matters of regulatory interest within the audit plan.
Added: April 2018
