Corporate Governance

Internal Audit Policies and Rules

Mission Statement

The Mission of the Internal Audit at FFA Private Bank is to assist members of the Board of Directors and management in the effective discharge of their duties and responsibilities. To this end, the Internal Audit will provide independent assurance to FFA Private Bank’s Board of Directors and Audit Committee that all significant and material corporate governance matters and business risks are being appropriately controlled through furnishing them with analyses and recommendations, counsel and information.


The objectives of the Internal Audit at FFA Private Bank are:
  • To provide advice to the Board of Directors and Audit Committee on all aspects of corporate governance across FFA Private Bank, and independent assurance on the compliance with FFA Private Bank corporate governance;
  • To provide independent assurance to the SEO, the Audit Committee, and the Board of Directors by performing and issuing internal audit reports covering the adequacy and appropriations of FFA Private Bank to control and manage its business;
  • To provide assistance to managers and senior management in carrying out their internal control responsibilities including matters of risks, policies, and procedures;
  • To reduce any unnecessary risk exposure across FFA Private Bank by assuring control mechanisms are appropriate for levels of risk;
  • To provide advice to benchmark the effectiveness and efficiency of control;
  • To share effective and efficient risk management and control processes within FFA Private Bank.

The following objectives reflect the Standards of the Institute of Internal Auditors’ definition of an Internal Audit.

“Independent, objective assurance and consulting services designed to add value and improve FFA Private Bank’s operations. It will help FFA Private Bank in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.”

Scope of Work

FFA Private Bank

The scope of the work of the Internal Audit shall include all programs, activities, and departments administered by FFA Private Bank. The Internal Audit Unit shall determine whether the FFA Private Bank networks of risk management, control and governance processes, as designed and represented by management, are adequate and functioning in a manner to acknowledge that:

  • Risks are appropriately identified, quantified and their impact assessed;
  • Risk management systems and procedures are reliable and integral;
  • FFA Private Bank is complying with risk policies in terms of reviewing and assessing credit, market, and operational risks;
  • Appropriate policies and procedures have been developed to manage the identified risks;
  • FFA Private Bank’s and client’s assets are safeguarded;
  • Proper due diligence is conducted on custodians and correspondents;
  • Significant financial, managerial, and operating information is accurate, reliable, and timely;
  • Activities are in compliance with applicable rules, policies, standards and procedures;
  • Resources are acquired economically, used efficiently and protected adequately;
  • Programs, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in FFA Private Bank’s control process;
  • Significant legislative or regulatory issues impacting FFA Private Bank are recognized and addressed appropriately.

Opportunities for improving operations, the management control system, and FFA Private Bank’s image may be identified during audit assignments. They will be communicated to the appropriate level of management.

The Internal Audit Unit shall coordinate with the Senior Executive Officer (SEO) and the Audit Committee to assess the adequacy of the overall financial control environment, assess the adequacy of key financial and accounting internal controls, evaluate compliance with significant corporate policies and procedures, and identify opportunities for process and internal control improvement.


For the purpose of its work, the Internal Audit has unrestricted access at any time to all the records, personnel, property and operations of FFA Private Bank. The Internal Audit has responsibility for the safekeeping and confidentiality of all information provided and can obtain necessary assistance of personnel in units of FFA Private Bank where they perform audits, as well as other specialized services from within or outside FFA Private Bank.

The Head of Internal Audit reports functionally to the Senior Executive Officer of FFA Private Bank.

The Head of Internal Audit is required to report to the Audit Committee matters that may be identified during the work that involve either fraud or significant breaches of laws and regulations.

The Audit Committee reviews the authority, scope of work and resources of the Internal Audit Unit on a regular basis to confirm these remain appropriate. Changes to the Internal Audit Charter are to be approved by the Board of Directors.

The Internal Audit Unit is not authorized to:
  • Perform any operational duties within FFA Private Bank;
  • Initiate or approve accounting transactions external to the Internal Audit;
  • Direct the activities of any employee not employed by the Internal Audit, except to the extent such employees have been appropriately assigned to auditing teams or otherwise to assist internal auditors.


The detailed annual audit plan developed by the Internal Audit will be approved by the FFA Private Bank’s Board of Directors. The audit universe for FFA Private Bank shall be identified and completely covered once a year.

Internal Audit reports will be reviewed by the Audit Committee and will be presented to the Board of Directors for approval.


The Head of Internal Audit in the discharge of her/his duties shall be accountable to the FFA Private Bank’s Audit Committee and Board of Directors to:
  • Prepare an annual audit plan that is based on an assessment of the risks and challenges facing FFA Private Bank, and that considers the effectiveness of FFA Private Bank processes to manage the identified risks;
  • Execute the annual audit plan approved by the Audit Committee and the Board of Directors, and for each area reviewed, issue an internal audit report detailing the significant issues related to the processes reviewed for controlling the activities of FFA Private Bank, including potential improvements to those processes and to issues;
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of unit resources;
  • Report on the status of the implementation of agreed actions in internal audit reports by performing follow up and by issuing follow-up reports, on a quarterly basis, highlighting significant outstanding issues previously reported;
  • Coordinate with and provide oversight of other control and monitoring functions.


The Internal Audit has responsibility to:

  • Develop a flexible risk-based annual audit plan, covering the whole system of internal controls, through discussion with senior management and taking into account FFA Private Bank’s risks, major projects, significant areas of change and specific management requests, and submit that plan for review and approval by the Audit Committee and the Board of Directors, then implement the risk-based annual audit plan. If in the opinion of the Head of Internal Audit, changes are required to the approved annual audit plan to address changes in risks / new risks, a summary of such changes together with the justification shall be channeled for approval by the Audit Committee and then presented to the Board of Directors;

  • Determine that Internal Audit discharges its duties in accordance with the standards and code of ethics published by the Institute of Internal Auditors.
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications or outsource the needed skills and capabilities to meet the requirements of this charter;
  • Issue a formal report at the end of each assignment after full discussion with the management of the area audited, together with agreed management action plans and an executive summary. The report will be issued to the Audit Committee and submitted to the Board of Directors;
  • Follow up audit findings to determine that weaknesses identified in internal controls have been effectively addressed;
  • Issue periodic follow up reports to the Audit Committee and Board of Directors summarizing the action taken in respect of reported matters and the current assessment of risk. An Executive Summary of all such reports should be presented to the Board of Directors at year-end;
  • Seek feedback from the auditees at the end of each major assignment to facilitate continuous quality improvement, and establish a quality assurance program by which the Head of Internal Audit determines the operation of internal auditing activities;
  • Assist in the investigation of significant suspected fraudulent activities within FFA Private Bank as requested by the Audit Committee and/or the Board of Directors and report to them the result;
  • Liaise and coordinate with other third parties to prevent duplication of work and determine the extent of reliance on their work;
  • Educate and assist auditees to identify business risks and mitigate them through a system of effective internal controls;
  • Perform any special audit assignments and provide assistance to other departments within FFA Private Bank as requested by the Audit Committee and/or the Board of Directors;
  • Review the internal control procedures of FFA Private Bank and determine their effectiveness and whether these measures are in FFA Private Bank’s interest;
  • Prepare periodic reports, at least semi-annually, about the work performed by the Internal Audit and the recommendations thereon, and submit these reports to the Audit Committee and the Board of Directors;
  • Review and ensure the effectiveness of the following implemented internal procedures:
      • System for supervision of operations and internal procedures according to the approved operation manual.
      • System for information processing and system for security.
      • System for measurement of risk and expected results.
      • System for risk management and control.
      • System for documentation and information.
      • System for valuation of assets.

The Internal Audit is a review and support activity, which does not relieve management of its responsibility for identifying, evaluating and managing risk. The Internal Audit may make recommendations for the improvement of internal controls, however, it is management’s decision and responsibility to implement these recommendations or other actions it deems to be more cost effective and appropriate. The Internal Audit will, however, continue to report risks that have been identified and that, in its opinion, are not satisfactorily addressed.

The Internal Audit will determine whether there is a need for specialized expertise to assist it in the performance of its duties.

Independence and Objectivity

Internal auditors at FFA Private Bank shall maintain their independence in substance and appearance at all times from auditee management. Internal auditors shall not assume any responsibilities or perform any duties within FFA Private Bank that are outside the Internal Audit.
Internal auditors shall continually strive to be objective in performing their responsibilities.

System Implementation

The Internal Audit may participate, in an advisory capacity, in the planning, development, implementation, and modification of major computer-based and manual systems to indicate that:
  • Adequate controls are incorporated in the system;
  • A thorough testing of the system is performed at appropriate stages;
  • System documentation is complete and accurate; and
  • The intended purpose and objective of the system implementation or modification are met.

Standards of Audit Practice

The Internal Audit will meet or exceed the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA).