1. Mission Statement
The Mission of the Internal Audit Unit of FFA Private Bank SAL is to assist members of Board of Directors and management in the effective discharge of their duties and responsibilities. To this end, the Internal Audit Unit will provide independent assurance to the Chairman of FFA Private Bank SAL’s Board of Directors that all significant and material corporate governance matters and business risks are being appropriately controlled through furnishing them with analyses and recommendations, counsel and information.
The objectives of the Internal Audit Unit of FFA Private Bank are:
- To provide advice to the Chairman of FFA Private Bank SAL and Board of Directors on all aspects of corporate governance across FFA Private Bank SAL, and independent assurance on the compliance with FFA Private Bank SAL corporate governance guidelines;
- To provide independent assurance to the Chairman of FFA Private Bank SAL and Board of Directors by performing and issuing internal audit reports covering on the adequacy and appropriations of FFA Private Bank SAL to control and manage its business risks;
- To provide independent assurance to the Chairman of FFA Private Bank SAL and Board of Directors by performing and issuing internal audit reports on the compliance with the BDL & BCC requirements;
- To provide assistance to managers and senior management in carrying out their internal control responsibilities including matters of risks, policies, procedures and compliance;
- To reduce any unnecessary risk exposure across FFA Private Bank SAL by assuring control mechanisms are appropriate for levels of risk;
- To provide advice to benchmark the effectiveness and efficiency of control processes;
- To share effective and efficient risk management and control processes within FFA Private Bank SAL.
The following objectives reflect the Standards of the Institute of Internal Auditors definition of an Internal Audit Unit.
“Independent, objective assurance and consulting services designed to add value and improve FFA Private Bank SAL’s operations. It will help FFA Private Bank SAL in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process.”
3. Scope of Work
3.1 FFA Lebanon
The scope of the work of the Internal Audit Unit shall include all programs, activities, group divisions, and departments administered by FFA Private Bank SAL. The Internal Audit Unit shall determine whether the FFA Private Bank SAL networks of risk management, control and governance processes, as designed and represented by management, are adequate and functioning in a manner to acknowledge that:
- Risks are appropriately identified, quantified and their impact assessed;
- Risk management systems and procedures is reliable and integral;
- FFA Private Bank SAL is complying with risk policies in terms of reviewing and assessing credit, market, and operational risks;
- Appropriate policies and procedures have been developed to manage the identified risks;
- FFA Private Bank SAL’s and client’s assets are safeguarded;
- Proper due diligence is conducted on sub-custodians and correspondents;
- Interaction with the various governance groups occurs as required;
- Significant financial, managerial, and operating information is accurate, reliable, and timely;
- Activities are in compliance with policies, standards, procedures and applicable BDL & BCC regulations;
- Resources are acquired economically, used efficiently and protected adequately;
- Programs, plans and objectives are achieved;
- Quality and continuous improvement are fostered in FFA Private Bank SAL’s control process; and
- Significant legislative or regulatory issues impacting FFA Private Bank SAL are recognized and addressed appropriately.
Opportunities for improving operations, management control system, and FFA Private Bank SAL image may be identified during audit assignments. They will be communicated to the appropriate level of management.
3.2 FFA (Dubai) Limited
The IAU shall coordinate with FFA (Dubai) Limited Chief Executive Officer (CEO) in order to assess the adequacy of the overall financial control environment, assess the adequacy of key financial and accounting internal controls, evaluate compliance with significant corporate policies and procedures, and identify opportunities for process and internal control improvement.
3.3 FFA Real Estate s.a.l.
The IAU’s scope of work shall encompass reviewing of FFA Real Estate s.a.l.’s compliance with internal regulations, policies and procedures as well as with significant laws governing its activities, assessing and evaluating overall risk environment and identifying areas for process, due diligence and corporate governance improvement.
For the purpose of its work, the Internal Audit Unit has unrestricted access at any time to all the records, personnel, property and operations of FFA Private Bank SAL. The Internal Audit Unit has responsibility for the safekeeping and confidentiality of all information provided and can obtain necessary assistance of personnel in units of FFA Private Bank SAL where they perform audits, as well as other specialized services from within or outside FFA Private Bank SAL.
The HIA reports functionally to the Chairman & General Manager of FFA Private Bank SAL.
The HIA is required to report to the Board of Directors copied to the Chairman & General Manager any matters that may identify during the work that involves either fraud, or significant breaches of laws and regulations.
The Chairman of the Board of Directors reviews the authority, scope of work and resources of the Internal Audit Unit on a regular basis to confirm these remain appropriate. Changes to the Internal Audit Charter are to be approved by the Board of Directors.
The Internal Audit Unit is not authorized to:
- Perform any operational duties within FFA Private Bank SAL;
- Initiate or approve accounting transactions external to the Internal Audit Unit;
- Direct the activities of any employee not employed by the Internal Audit Unit, except to the extent such employees have been appropriately assigned to auditing teams or otherwise to assist internal auditor.
The detailed annual audit plan developed by the Internal Audit Unit will be approved by the FFA Private Bank SAL’s Board of Directors. The audit universe for FFA Private Bank SAL shall be identified and completely covered once every three years.
Internal Audit reports will be presented by the HIA to the FFA’s Board of Directors and copied to the Chairman & General Manager. An executive summary of all internal audit reports will be presented to the Chairman and members of the Board of Directors at year-end.
The HIA in the discharge of her/his duties shall be accountable to the FFA Private Bank SAL’s Board of Directors to:
- Prepare an annual audit plan that is based on an assessment of the risks and challenges facing FFA Private Bank SAL, and that considers the effectiveness of FFA Private Bank SAL processes to manage the identified risks;
- Execute the annual audit plan approved by the Board of Directors, and for each area reviewed, issue an internal audit report detailing the significant issues related to the processes reviewed for controlling the activities of FFA Private Bank SAL, including potential improvements to those processes and to issues;
- Periodically provide information on the status and results of the annual audit plan and the sufficiency of unit resources;
- Report on the status of the implementation of agreed actions in internal audit reports by performing follow up and by issuing follow-up reports, on a quarterly basis, highlighting significant outstanding issues previously reported;
- Coordinate with and provide oversight of other control and monitoring functions.
The internal audit unit has responsibility to:
- Develop a flexible risk-based annual audit plan, covering the whole system of internal controls, through discussion with senior management and taking into account FFA Private Bank SAL’s risks, major projects, significant areas of change and specific management requests, and submit that plan for review and approval by the Chairman and members of the Board of Directors, then implement the risk-based annual audit plan. If in the opinion of the internal audit manager, changes are required to the approved annual audit plan to address changes in risks / new risks. A summary of such changes together with the justification shall be channeled through the HIA for approval and then presented to the Board of Directors;
- Determine that IAU discharges its duties in accordance with the standards and code of ethics published by the IIA.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications or outsource the needed skills and capabilities to meet the requirements of this charter;
- Issue a formal report at the end of each assignment after full discussion with the management of the area audited, together with agreed management action plans and an executive summary. The report will be issued to the Board of Directors and copied to the Chairman & General Manager;
- Follow up audit findings to determine weaknesses identified in internal controls have been effectively addressed;
- Issue periodic follow up reports to the Board of Directors summarizing the action taken in respect of reported matters and the current assessment of risk. An Executive Summary of all such reports should be presented to the Board of Directors at year-end;
- Seek feedback from the auditees at the end of each major assignment to facilitate continuous quality improvement, and establish a quality assurance program by which HIA determines the operation of internal auditing activities;
- Assist in the investigation of significant suspected fraudulent activities within FFA Private Bank SAL as requested by the Board of Directors and report to them the result;
- Liaise and coordinate with other third parties to prevent duplication of work and determine the extent of reliance on their work;
- Educate and assist auditees to identify business risks and mitigate them through a system of effective internal controls;
- Perform any special audit assignments and provide assistance to other departments within FFA Private Bank SAL as requested by the Board of Directors;
- Conduct special reviews as requested by management or the Board of Directors.
- Review the internal control procedures of FFA Private Bank SAL and determine their effectiveness and whether these measures are in FFA Private Bank SAL’s interest.
- Acknowledges immediate follow up of all matters raised by the external auditors and the Banking Control Commission (BCC).
- Prepare periodic reports, at least semi-annually, about the work performed by the IAU and the recommendations thereon, and submit these reports to the BOD, allowing the BCC and external auditors the right to overview such reports.
- Review and ensure the effectiveness of the implemented following internal procedures:
a. System for supervision of operations and internal procedures according to the approved operation manual.
b. System for information processing and system for security.
c. System for measurement of risk and expected results.
d. System for risk management and control.
e. System for documentation and information.
f. System for valuation of assets.
The internal audit unit is a review and support activity, which does not relieve management of its responsibility for identifying, evaluating and managing risk. The internal audit unit may make recommendations for the improvement of internal controls, however, it is management’s decision and responsibility to implement these recommendations or other actions it deems to be more cost effective and appropriate. The Internal Audit Unit will, however, continue to report risks that have been identified and that, in its opinion, are not satisfactorily addressed.
The IAU will determine whether there is a need for specialized expertise to assist it in the performance of its duties.
8. Independence and Objectivity
Internal auditors at FFA Private Bank SAL shall maintain their independence in substance and appearance at all times from auditee management. Internal auditors shall not assume any responsibilities or perform any duties within FFA Private Bank SAL that are outside the Internal Audit Unit. The personnel of the IAU report to the HIA who reports administratively to the Chairman & General Manager and functionally to the Board of Directors.
Internal auditors shall continually strive to be objective in performing their responsibilities.
9. System Implementation
The IAU may participate, in an advisory capacity, in the planning, development, implementation, and modification of major computer-based and manual systems to indicate that:
- Adequate controls are incorporated in the system;
- A thorough testing of the system is performed at appropriate stages;
- System documentation is complete and accurate; and
The intended purpose and objective of the system implementation or modification is met.
10. Standards of Audit Practice
The Internal Audit Unit will meet or exceed the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA).
Click here to download the PDF version of the Internal Audit Policies and Rules