Page 152 - Bank-Muamalat-AR2020
P. 152

150    BANK MUAMALAT MALAYSIA BERHAD                   About Us           Our Leadership       Our Strategy
                                                            About Us
            ANNUAL REPORT FY2020

          STATEMENT ON RISK MANAGEMENT AND

          INTERNAL CONTROL







          Regulators on how the Internal Audit Division (“IAD”) fulfils   organisational status, as well as the authority to perform duties
          its mission  and  measure  the effectiveness,  performance  and   without impediment and to address difficult issues with other
          quality of internal audit activity.                   Senior Management.
          Internal Audit activity helps the Bank to accomplish its goals   Annual Audit Plan
          by bringing an objective and disciplined approach to evaluate
          and improve the effectiveness of risk management, internal   IAD formulated the Annual Audit Plan using a risk-based
          control system and governance processes. This function serves   methodology,  taking into consideration  the bank-wide
          as an important source of advice for the BAC concerning areas   governance, risk and compliance as well as information and
          of weaknesses or deficiencies in internal processes to facilitate   relevant initiatives completed by  other lines of defence. The
          appropriate remedial measures by the Bank.            Annual Audit Plan and its revision will be reviewed and
                                                                approved by the BAC annually.
            Internal Audit Division
                                                                The audit universe covered during the financial year includes,
          The Internal Audit activity of the Bank is under the purview   but is not limited to cybersecurity, data management, regulatory
          of the Internal Audit Division (“IAD or Division”) which is   updates, third party  reliance, human capital, governance,
          currently headed by the Chief Internal Auditor (“CIA”).  business  continuity management, sustainability, processes,
                                                                system and technology.
          The Division serves as an independent function within the Bank
          that carries out an independent assessment, consulting activities   The results of the audit reviews conducted, including the audit
          and provide objective assurance on the state of internal controls,   observations, its risks, audit recommendations, Management’s
          risk management, and governance processes established within   responses and action plans are reported to the BAC regularly
          the Bank to the Board of Directors through the BAC.   for review and deliberation. Rectification of outstanding audit
                                                                observations performed  by the Management is tracked and
          IAD also serves to enhance and protect the Bank’s value by   challenged by the Management Audit Committee and the BAC
          providing advice and insight on the internal processes in terms   on monthly basis to ensure adequate and effective actions taken
          of efficiency, effectiveness, and business practicality to achieve   are within an appropriate and agreed timeline.
          the Bank’s vision and strategic objectives.
                                                                Competency
          To establish and maintain the internal audit activity’s
          position within the Bank, IAD is guided by its Internal Audit   IAD continuously encourages auditors to uphold proficiency
          Charter which defines  the purpose,  authority, responsibility,   by  obtaining  relevant professional certifications, which is
          accountability, independence and objectivity as well as   assessed annually through the Training Needs Analysis.
          professionalism and ethical standards.
          Additionally, the IAD is guided by the Internal Audit Manual, the   OTHER KEY ELEMENTS OF INTERNAL CONTROLS
          Internal Audit Policy and the relevant Frameworks in effectively   The other key elements incorporated by the Board  that
          assessing and reporting the adequacy and effectiveness of the   contributes to an effective internal controls system include:
          design and implementation of the Bank’s overall system of
          internal control, risk management and governance.     Board Committees

          Independence                                          Relevant Board Committees are established to assist the Board in
                                                                executing its overall governance responsibilities and oversight
          The independence of the IAD is effectively achieved with the   function. The  Board  committees  exercise  its responsibilities
          CIA reports functionally to the BAC and is independent of   delegated by the Board  to deliberate on matters within the
          the  activities audited including management decisions on   respective scope of responsibility. Each  of the committees  is
          operational matters and internal  control processes of other   guided by its terms of reference and their minutes of meetings
          operating units within the Bank. The functional reporting line to   are tabled to the Board. These Committees are authorised to
          the BAC provides the CIA with direct access to sensitive matters   examine all matters within the scope defined in their respective
          and enables sufficient organisational status. An administrative   terms of reference and report their  recommendations to the
          reporting to the CEO also provides  the CIA with sufficient
                                                                Board.
   147   148   149   150   151   152   153   154   155   156   157