Internal Audit Charter and operating standards




1 overview

This document sets out the basis for internal audit:

(i) the Internal Audit charter, which establishes the framework for Internal Audit; and
(ii) how the auditing process operates practically, including:
- the preparation and approval of the annual Internal Audit Plan;
- the preparation and approval of Internal Audit review scope documents;
- issue of Internal Audit reports in draft form and final form, including the basis of grading audit issues and reports;
- reporting and tracking of audit findings; and
- follow up on implementation of management actions to address audit findings.

A separate Charter for Lloyd's China is attached as Appendix I, in accordance with CIRC regulatory requirements for Lloyd's China.

2 internal audit charter

2.1 Mission

Internal Audit's mission is to provide reliable independent assurance to the Audit Committee and Executive Team on the adequacy, effectiveness and sustainability of the system of internal control. This is achieved through implementation of best practice methodologies and leveraging expert capability. In carrying out its activities Internal Audit aims to contribute to:
- building strong and effective risk awareness and control consciousness within Lloyd's;
- continuously improving risk management and control processes so they operate at optimum effectiveness and cost efficiency and reflect leading practice; and
- sharing best practice with regard to risk management and assurance across Lloyd's.

2.2 Role & Responsibilities

Internal Audit is the third line of defence in the risk governance structure, providing independent and objective assurance over the design and effectiveness of controls in place to manage the key risks impacting Lloyd's business performance. Internal Audit has a key role in supporting the accomplishment of Lloyd's objectives.

Internal Audit is accountable for developing and delivering a programme of assurance aimed at validating the effective management of key business risks. Internal Audit is accountable for reporting its findings, conclusions, and recommendations to the audited parties, Executive Team and Audit Committee. Management is responsible for the effective identification of risk and the maintenance of adequate systems of controls. Internal Audit is responsible for ensuring that timely follow-up on management actions occurs. Management is responsible for corrective actions on reported weaknesses. Management can request Internal Audit to perform audit reviews subject to these requests not affecting Internal Audit's independence and objectivity. The final decision for any changes to the Internal Audit plan rests with the Audit Committee. An annual review of the adequacy of this Internal Audit Charter is also performed by the Audit Committee.

2.3 Independence and rights of access

Internal Audit must be independent from management at all times in order to be effective in executing its work freely and objectively, including:
- Internal Auditors have no direct responsibility or authority over any operating activities reviewed and should not relieve others of their responsibilities;
- Internal Audit are specifically prohibited from performing management activities, including:
  - performing operational duties, including operation of policies and procedures;
  - initiating or approving accounting transactions; and
  - undertaking consulting engagements, specifically, those engagements where the primary aim includes process improvement, implementation of systems, or advising on operating practices (e.g. benchmarking);
- The Head of Internal Audit has a direct reporting line to, with direct and unlimited access to, the Chair of the Audit Committee and a secondary reporting line to the Chief Executive Officer. In addition, the Head of Internal Audit also reports to the Lloyd's Japan Board for work performed;
- The Audit Committee approves Internal Audit's annual Plan and the overall budget;
- Internal Audit is authorised to review all areas of Lloyd's and has full, free, and unrestricted access to all activities, records, property, and personnel necessary to complete their work including correspondence with regulators and Franchise Board and Committees meeting minutes;
- Internal Audit is authorised to allocate resources, set frequencies, select areas, determine audit scopes and apply audit tools and techniques, and to obtain the necessary assistance and specialised services within or outside Lloyd's to accomplish its objectives;
- Internal Audit reports with significant findings will be reported in full to the Audit Committee; and
- Internal Audit has the right to be informed by management, on a timely basis, of any significant control failures identified by management or the external auditors.

2.4 Annual Internal Audit Planning

To ensure adequate audit coverage of the Company's systems and controls an audit universe is prepared by Internal Audit. Our annual Internal Audit Plan is derived from the audit universe, providing consideration of rotation of audit areas and areas of greatest risk. Our planning approach includes interviews with each executive and key senior managers in the Corporation. The Plan is submitted to the Executive Team for their review prior to approval by the Audit Committee. The audit universe and annual Plan are developed independently by Internal Audit with full reference to:
- the Executive Team's and senior management views of the key risks facing the business;
- expectations and issues raised by the regulator;
- the Risk Management team to ensure all relevant risks are addressed in a plan that forms part of a value adding assurance framework; and
- Internal Audit's discussions with the external auditors (PWC).

In addition, IA will agree audit planning, audit scopes and audit reports with the Lloyd's Japan Board for work conducted.

2.5 Scope of work

The primary scope of Internal Audit's activities is the examination and evaluation of the adequacy and effectiveness of Lloyd's systems of risk management, internal control and governance processes for the Corporation of Lloyd's and its subsidiaries. In addition to this, Internal Audit's scope will include review of:
- compliance with policies;
- reliability and integrity of information;
- means of safeguarding, verifying and accounting for assets; and
- economic and efficient use of resources.

2.6 Code of Ethics & Professional Standards

Internal Audit will comply with the International Standards for the Practice of Internal Auditing issued by the Institute of Internal Auditors (IIA). Internal Audit management and staff are expected to comply with the IIA's Code of Ethics and demonstrate the Lloyd's values.

2.7 Quality Review Process

A thorough and well-defined quality assurance process exists over deliverables produced by Internal Audit (including workpapers, reports and plans). All audit work is firstly reviewed by the Internal Audit Manager assigned. The work is then reviewed by the audit partner, and where audit reports relate to more complex or sensitive areas, they will be reviewed by a second audit partner, in addition to the general quality assurance review process within Deloitte. All work is then reviewed by the Head of Internal Audit.

2.8 External Audit

IA liaises with External Audit (PWC) to share information and ensure adequate coverage of risks. This should include:
- External Audit relying on the work performed by Internal Audit to drive efficiency of approach; and
- consideration by Internal Audit of the control weaknesses identified by external audit, both in individual internal audit planning and annual internal audit planning.

3 internal audit operating standards

3.1 Audit scope documents

3.1.1 Contents and timing

Internal Audit drafts each scope document, following a planning meeting with management, outlining:
- the review objectives;
- the scope of the review, including specific points of focus for the review; and
- the proposed time of commencement and the estimate of the days required for completion.

The draft scope document is agreed with management and then issued for approval to the Executive responsible for the auditable area.

3.1.2 Approval

A Lloyd's Project Sponsor, being the Director responsible for the area of operations subject to review, is appointed for each Internal Audit. The scope document is reviewed and approved by the Project Sponsor for completeness to identify areas of known concern and/or areas that require remedial action. The Project Sponsor is not allowed to restrict the scope, but may identify areas of specific focus that may be added to the agreed work programme. The scope document also requires the approval of the Head of Internal Audit (HIA) to authorise the allocation of the estimated Internal Audit days for the review. Approval is normally required by both the Project Sponsor and the HIA before an audit can commence. In urgent circumstances, verbal approval can be given to commence an audit provided it is formally authorised within a short time period thereafter.

3.2 Internal Audit annual planning process

The annual audit planning process commences in September each year. Internal Audit meets separately with each member of Executive Team and selected senior management to discuss the inherent risk assessment and control environment. The draft audit plan is discussed with the CEO and Director Finance, Risk and Operations, prior to being presented at the Executive Team for discussion and approval. The Internal Audit Plan is then presented at the Audit Committee meeting for discussion and approval.

3.3 Issue of draft and final Internal Audit reports

The following outlines the process for the issue of Internal Audit reports in draft form and final form.

3.3.1 Criteria for ranking of audit reports and audit issues

All audit issues contained in final reports are assigned a priority ranking to determine the relative importance of each issue. The audit issues represent residual risk (the level of risk remaining having taken into account both the inherent risk and the effectiveness of controls to mitigate that inherent risk).

Grading of reports

Reports are assigned an overall grade of Critical, Significant, Moderate or Low. The grading of the reports is based on the underlying issues within each report. The following table provides the report gradings:
- Critical: Audit reports containing any critical issues will be defined as Critical. Furthermore, where a report contains a number of significant issues which, taken together, indicate an overall critical weakness in the control environment for a particular process, the report will be assigned Critical.
- Significant: Audit reports containing any significant issues will be defined as Significant. Furthermore, where a report contains a number of moderate issues which, taken together, indicate an overall significant weakness in the control environment for a particular process, the report will be assigned Significant.
- Moderate: Audit reports containing any moderate issues will be defined as Moderate.
- Low: Audit reports containing only low issues will be defined as Low.

Grading of issues

Issues identified will be graded Critical, Significant, Moderate or Low depending on the relative importance of the issue. In order to reduce the subjectivity in grading, we have provided a set of guidelines that are used as a basis to assist in the evaluation of the appropriate grade attached to each issue. The table below includes descriptions of example types of impact that an issue could give rise to (e.g. financial loss, reputational damage). These are mapped to appropriate report grades depending on the severity of that impact. This table is not designed to be a prescriptive set of rules, but rather to be used as guidance. The overall evaluation of the gradings will be assessed with due consideration to the impact and likelihood of residual risk of the audit issues, having assessed the overall effectiveness and efficiency of controls.

Table of guidelines for grading issues

Regulatory
- Low: Minor breaches by individual staff members with no consequences; no monetary fine and no disruption to services.
- Moderate: Regulatory breach with monetary fines < 100,000 and potential for extra reporting requirements and/or regulatory examinations.
- Significant: Monetary fine > 100,000 and disruption to scheduled services. Loss of licence in a jurisdiction/loss of opportunity for licence.
- Critical: Monetary fine > 250,000 and associated publicity, plus disruption to scheduled services leading to loss of licence in critical jurisdiction.

Reputation
- Low: Adverse coverage in local non-leading financial press. No impact on security ratings, capital providers or regulatory relationships.
- Moderate: Adverse coverage in leading financial press. Capital providers, Rating Agencies or regulators raise issues with management.
- Significant: Extended negative national media coverage and/or adverse international press coverage. Potential downgrading of security ratings.
- Critical: Extended international negative media coverage and significant downgrading of security ratings.

Financial loss: Corporation
- Low: < 25,000
- Moderate: > 25,000
- Significant: > 200,000
- Critical: > 1 million

Financial loss: Central Fund
- Low: > 250,000
- Moderate: > 1 million
- Significant: > 10 million
- Critical: > 10% of Central Fund

Change Management
- Low: Causes a delay in implementation of a change project of up to 3 months.
- Moderate: Causes a delay in implementation of a change project of between 4 and 6 months that impacts the achievement of strategic goals.
- Significant: Serious delay of key project by 7 to 12 months resulting in adverse impact to achieving strategic goals.
- Critical: Serious delay of key project by 12+ months resulting in non-achievement of strategic goals.

Service Quality
- Low: Performance standards missed by 5% due to process problems. Costs 5% over budget.
- Moderate: Performance standards missed by between 5% and 20% due to process problems. Costs 10% over budget.
- Significant: Performance standards missed by between 20% and 50%. Costs 50% over budget.
- Critical: Significant loss of customers due to performance standards missed by greater than 50%; costs 50% over budget.

Likelihood
- Low: Probability of less than 10%
- Moderate: Probability of between 10 and 30%
- Significant: Probability of between 30 and 40%
- Critical: Probability greater than 40%

3.4 Reporting and tracking of audit findings

3.4.1 Reporting of audit reports

Final Critical and Significant audit reports, as defined above, are reported to the Executive Team. Critical and Significant reports will also be advised to the Chair of the Audit Committee on a timely basis and will be reported in detail to the Audit Committee. The key issues of Moderate reports will be reported to the Executive Team and an overview will be provided to the Audit Committee. An overview of the findings of Low reports will be reported to the Executive Team and Audit Committee.

3.4.2 Tracking of audit findings

Internal Audit follows up on the status of each outstanding audit issue each quarter. Each director is asked to sign off on the status prior to the issues being collated by Internal Audit. Aged outstanding items are highlighted to the Executive Team and Audit Committee.

3.4.3 Reporting to the Executive Team and the Audit Committee on audit issue status

A quarterly status report on the progress of Internal Audit is provided to the Executive Team. This status report includes issued audit reports, audits in progress, changes to plan and/or budget, and the status of implementation of audit findings. Where critical and/or high risk issues are identified during an audit, these are reported at the next Executive Team meeting. An overall summary, by grade, of agreed audit issues requiring management action is included in the quarterly reporting. The report is then provided to the Audit Committee for their consideration.