The independent review functions are the audit and compliance functions. The staff occupying these functions must be competent and appropriately trained, and must not be involved in the development, implementation and operation of the operational risk Framework. For example, internal audit and compliance must not be involved with the setting of risk appetite or risk tolerance, but internal audit should be reviewing the robustness of the process of how these limits are set and why and how they are adjusted in response to changing circumstances. Internal audit should independently verify that the Framework has been implemented as intended and is functioning effectively. Internal audit coverage should include opining on the overall appropriateness and adequacy of the Framework and the associated governance processes across the bank. Internal audit should not simply be testing for compliance with board-approved policies and procedures, but should be evaluating whether the Framework meets organisational needs and supervisory expectations. More details on the Internal Audit Function and the Role of the Audit Committee are to be found in Chapter HC-3.
Added: October 2012