Internal Audit

A strong internal control system, including an independent and effective Internal Audit Function, is part of sound corporate governance. The mission of the Internal Audit Function at Bank One is to provide vital assurance to the Board Audit Committee (and ultimately the Board) and senior management on the quality of the bank’s internal control system, risk management and governance processes.

The Internal Audit Function of Bank One functionally reports to the Board Audit Committee on a quarterly basis. Individual working sessions are also conducted with the Board Audit Committee without the presence of management.

The Internal Audit Function consists of a Head of Internal Audit and a team of 5 staff holding a combination of ACCA, CIA, CISA and GIAC Certified Incident Handler (GCIH) qualifications.

The department consists of 2 units, namely the Risk Based Audit (RBA) unit and the Information Technology (IT) unit.

RBA unit

A risk-based strategic approach is adopted for the development of the annual internal audit plan. This approach involves a focus on understanding the work of each department and identifying risks associated with all processes and procedures. The internal audit plan is then developed by prioritizing on the basis of the inherent and residual risk rating associated with each process (or department as a whole). The plan also includes input from senior management and the Board Audit Committee. Internal audit assignments are conducted in accordance with the procedures set out in the Internal Audit Procedures Manual and in compliance with the Standards for the Professional Practice of Internal Auditing as prescribed by the Institute of Internal Auditors.

IT unit

The IT audit function has the task of helping the bank undergo business transformation while managing potential IT risks that could cripple the bank. To achieve this objective, the IT audit unit helps identify, mitigate and monitor IT risks. IT auditing evaluates the controls around information with respect to Confidentiality, Integrity, and Availability. The framework in use is COBIT (Control Objectives for Information and related Technology), a globally accepted framework for IT auditing developed by ISACA (Information Systems Audit and Control Association).