Page 171 - Bank Muamalat_AR24
The Internal Audit function operates under a defined Internal Audit Mandate, which establishes its authority, responsibilities, and reporting structure. The mandate empowers the Internal Audit function with the necessary independence, position, and resources to perform its duties effectively. It is supported by a formally approved Internal Audit Charter, which further outlines its purpose, authority, reporting structure, the CIA's roles and responsibilities, and the scope of audit work.

The Internal Audit Charter ensures that the function maintains independence, objectivity, and professionalism while conducting its duties. It also establishes the reporting structure, granting Internal Audit unrestricted access to data, records, information, personnel, and physical properties relevant to audit engagements.

The function adheres to the International Professional Practices Framework issued by the Institute of Internal Auditors (IIA), ensuring that its audit approach aligns with global audit standards. Compliance with these standards reinforces the credibility, effectiveness, and consistency of audit engagements across the Bank.

The Internal Audit function adopts a risk-based audit methodology, focusing on high-risk and significant areas that could impact the Bank’s financial health, reputation, and regulatory compliance. The audit methodology is aligned with globally recognised frameworks, including the Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control-Integrated Framework and the Control Objectives for Information and Related Technologies (COBIT) Framework for IT audits.

Key elements of the audit methodology include:

Risk Assessment: Identifying and prioritising high-risk and significant areas based on a comprehensive risk assessment process.

Audit Planning: Developing an annual audit plan that aligns with the Bank’s strategic objectives and regulatory expectations. The plan for 2024 is reviewed and revised periodically to address emerging risks and changes in the business environment.

Fieldwork and Testing: Conducting detailed assessments through data analysis, interviews, process walkthroughs, and control testing.

COSO Framework Application: Ensuring the evaluation of internal controls aligns with COSO’s five (5) components: control environment, risk assessment, control activities, information and communication, and monitoring activities.

COBIT Framework Application: Assessing IT governance, security controls, and business continuity management using the COBIT framework to ensure alignment with industry standards.

Reporting and Recommendations: Providing audit issues, managing for value recommendations, investigation and whistleblowing results to the BAC and senior management for timely corrective actions and improvements.

Monitoring and Follow-up: Ensuring implementation of corrective actions through continuous monitoring and follow-up audits.

The Internal Audit function continuously implemented a quality assurance and improvement programme to uphold the standards of audit quality and effectiveness. The programme includes:

Ongoing Monitoring and Supervision: Ensuring audits are conducted in compliance with established methodologies and global standards.

Periodic Internal Assessment: Conducting self-assessment to evaluate adherence to internal policies and international audit standards.

External Quality Assessment: Engaging an independent external assessor outside of the Bank to review the Internal Audit function’s performance and effectiveness. The last external assessment was conducted in 2021, and the next assessment will be due in 2026.

Stakeholder Feedback Mechanism: Collecting feedback from auditees and key stakeholders to identify opportunities for improvement.

Continuous Improvement Initiatives: Implementing enhancements based on assessment issues, emerging risks, and regulatory developments, including awareness sessions on significant topics to the targeted audience within the Bank.

Resources

The Internal Audit function is committed to strengthening its auditors’ competencies through professional certifications and development opportunities, and aims to maintain a highly skilled, certified workforce capable of delivering high-quality audits.

As of December 2024, the function comprises 39 professional auditors with diverse finance, risk management, IT, Shariah, and compliance credentials and competencies. 82% of auditors hold at least 1 professional certificate related to audit and banking, compliance, technology, and Shariah. The collective expertise enables the Internal Audit function to conduct comprehensive risk assessments and deliver audit engagements.

