Corporate Governance

Internal Audit Policies and Rules

Mission Statement

The Mission of the Internal Audit Unit of Investment & Capital Bank is to assist members of the Board of Directors and management in the effective discharge of their duties and responsibilities. To this end, the Internal Audit Unit will provide independent and reasonable assurance to Investment & Capital Bank’s Board of Directors and Audit Committee that all significant and material corporate governance, and business risks are being appropriately mitigated through furnishing them with analyses and recommendations, counsel and information.


The objectives of the Internal Audit Unit of Investment & Capital Bank are:
  • To provide advice to the Board of Directors and Audit Committee on all aspects of corporate governance across Investment & Capital Bank, and independent assurance on the compliance with Investment & Capital Bank Corporate Governance Framework;
  • To provide independent assurance to the CEO, the Audit Committee, and the Board of Directors by performing and issuing internal audit reports covering the adequacy and appropriations of Investment & Capital Bank to control and manage its business;
  • To provide assistance to managers and senior management in carrying out their internal control responsibilities including matters of risks, policies, and procedures;
  • To ensure that management is reducing any unnecessary risk exposure across Investment & Capital Bank by implementing the appropriate control mechanisms are appropriate for various types of risk;
  • To ensure existence of effective and efficient risk management and control processes within Investment & Capital Bank.
The following objectives reflect the Standards of the Institute of Internal Auditors’ definition of an Internal Audit Unit.

“Independent, objective assurance and consulting services designed to add value and improve Investment & Capital Bank’s operations. It will help Investment & Capital Bank in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.”

Scope of Work

Administered by Investment & Capital Bank, the Internal Audit Unit shall determine whether the Investment & Capital Bank networks of risk management, control and governance processes, as designed and represented by management, are adequate and functioning in a manner to acknowledge that:
  • Risks are appropriately identified, quantified and their impact assessed;
  • Risk management systems and procedures is reliable and integral;
  • Investment & Capital Bank is complying with risk policies in terms of reviewing and assessing credit, market, and operational risks;
  • Appropriate policies and procedures have been developed to manage the identified risks;
  • Investment & Capital Bank’s and client’s assets are safeguarded;
  • Proper due diligence is conducted on sub-custodians and correspondents;
  • Interaction with the various governance groups is occurring as required;
  • Significant financial, managerial, and operating information is accurate, reliable, and timely;
  • Activities are in compliance with policies, standards, procedures and applicable BDL, CMA, SIC & BCC regulations;
  • Resources are acquired economically, used efficiently and protected adequately;
  • Programs, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in Investment & Capital Bank’s control process;
  • Significant legislative or regulatory issues impacting Investment & Capital Bank are recognized and addressed appropriately.


For the purpose of its work, the Internal Audit Unit has unrestricted access at any time to all the records, personnel, property and operations of Investment & Capital Bank. The Internal Audit Unit has responsibility for the safekeeping and confidentiality of all information provided and can obtain necessary assistance of personnel in departments and units of Investment & Capital Bank where they perform audits, as well as other specialized services from within or outside Investment & Capital Bank.

The Head of Internal Audit reports administratively to the Chief Executive Officer of Investment & Capital Bank and functionally to the Board Audit Committee.

The Head of Internal Audit is required to report to the Audit Committee matters that may identify during the work that involves either fraud or significant breaches of laws and regulations.

The Audit Committee reviews the authority, scope of work and resources of the Internal Audit Unit on a regular basis to confirm these remain appropriate. Changes to the Internal Audit Charter are to be approved by the Audit Committee.
The Internal Audit Unit is not authorized to:
  • Perform any operational duties within Investment & Capital Bank;
  • Initiate or approve accounting transactions external to the Internal Audit Unit;
  • Direct the activities of any employee not employed by the Internal Audit Unit or appropriately assigned to assist the internal auditors.


The detailed annual audit plan developed by the Internal Audit Unit will be approved by the Investment & Capital Bank’s Audit Committee and Board of Directors. The audit universe for Investment & Capital Bank shall be identified and completely covered once every two years.

Internal Audit reports will be reviewed by the Audit Committee. An executive summary of all internal audit reports will be presented to the Audit Committee and the Board of Directors on semi-annual basis.


The Head of Internal Audit in the discharge of her/his duties shall be accountable to the Investment & Capital Bank’s Audit Committee and Board of Directors to:
  • Prepare an annual audit plan that is based on an assessment of the risks and challenges facing Investment & Capital Bank, and that considers the effectiveness of Investment & Capital Bank processes to manage the identified risks;
  • Execute the annual audit plan approved by the Audit Committee and the Board of Directors, and for each area reviewed, issue an internal audit report detailing the significant issues related to the processes reviewed for controlling the activities of Investment & Capital Bank, including potential improvements to those processes and other issues;
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of the unit’s resources;
  • Report on the status of the implementation of agreed actions in internal audit reports by performing follow up and by issuing follow-up reports, on a quarterly basis, highlighting significant outstanding issues previously reported;
  • Coordinate with and provide oversight of other control and monitoring functions.


The Internal Audit Unit has responsibility to:
  • Develop a flexible risk-based annual audit plan, covering the whole system of internal controls, through discussion with senior management and taking into account Investment & Capital Bank’s risks, major projects, significant areas of change and specific management requests, and submit that plan for review and approval by the Audit Committee and the Board of Directors, then implement the risk-based annual audit plan. If, in the opinion of the Head of Internal Audit, changes are required to the approved annual audit plan to address changes in risks / new risks. A summary of such changes together with the justification shall be channeled for approval by the Audit Committee and then presented to the Board of Directors;
  • Determine that Internal Audit Unit discharges its duties in accordance with the standards and code of ethics published by the Institute of Internal Auditors;
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications or outsource the needed skills and capabilities to meet the requirements of the Internal Audit charter;
  • ssue a formal report at the end of each assignment after full discussion with the management of the area audited, together with agreed management action plans and an executive summary. The report will be issued to the Audit Committee and submitted to the Board of Directors;
  • Follow up on the audit findings to determine that identified internal controls weaknesses have been effectively addressed;
  • Issue periodic follow up reports to the Audit Committee summarizing the action taken in respect of reported matters and the current assessment of risk. An Executive Summary of all such reports should be presented to the Board of Directors at year-end;
  • Assist in the investigation of significant suspected fraudulent activities within Investment & Capital Bank as requested by the Audit Committee and/or the Board of Directors and report to them the result;
  • Liaise and coordinate with other third parties to prevent duplication of work and determine the extent of reliance on their work;
  • Educate and assist auditees to identify business risks and mitigate them through a system of effective internal controls;
  • Perform any special audit assignments and provide assistance to other departments within Investment & Capital Bank as requested by the Audit Committee and/or the Board of Directors;
  • Conduct special reviews as requested by management or Audit Committee or the Board of Directors;
  • Review the internal control procedures of Investment & Capital Bank and determine their effectiveness and whether these measures are in Investment & Capital Bank’s interest;
  • Acknowledges immediate follow up of all matters raised by the external auditors, the Capital Markets Authority (CMA) and the Banking Control Commission (BCC);
  • Prepare periodic reports, at least semi-annually, about the work performed by the Internal Audit Unit and the recommendations thereon and submit these reports to the Audit Committee and the Board of Directors, allowing the BCC and external auditors the right to overview such reports.
  • Review and ensure the effectiveness of the implemented internal procedures.
The Internal Audit Unit will determine whether there is a need for specialized expertise to assist it in the performance of its duties.

Independence and Objectivity

Internal auditors at Investment & Capital Bank shall maintain their independence in substance and appearance at all times from auditee management. Internal auditors shall not assume any responsibilities or perform any duties within Investment & Capital Bank that are outside the Internal Audit Unit. Internal auditors shall continually strive to be objective in performing their responsibilities.

Standards of Audit Practice

The Internal Audit Unit will meet or exceed the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA).