Back Custom print Link Text Only Rich Text Print

  • Relationship with Internal Audit

    • HC-6.4.37

      The scope and breadth of the activities of the compliance function must be subject to periodic review by the internal audit function.

      Added: January 2019

    • HC-6.4.38

      Compliance risk must be included in the risk assessment methodology of the internal audit function, and an audit programme that covers the adequacy and effectiveness of the bank's compliance function should be established, including testing of controls commensurate with the perceived level of risk.

      Added: January 2019

    • HC-6.4.39

      The compliance function and the internal audit function must be separate, to ensure that the activities of the compliance function are subject to independent review. It is important, therefore, that there is a clear understanding within the bank as to how risk assessment and testing activities are divided between the two functions, and that this is documented (e.g. in the bank's compliance policy or in a related document such as a protocol). The internal audit function must, of course, keep the head of compliance informed of any audit findings relating to compliance.

      Added: January 2019