Bank Islam Integrated Annual Report 2023

INTERNAL AUDIT FUNCTION

Bank Islam has an in-house internal audit function which is carried out by the Group Internal Audit Division (GIAD). The GIAD audits entities within Bank Islam and its subsidiaries. During the financial year under review, the audited entities included BIMB Investment Management Berhad, BIMB Securities Sdn Bhd, Bank Islam Labuan Offshore Branch, BIMB Securities (Holdings) Sdn Bhd, Syarikat Al-Ijarah Sdn Bhd, Bank Islam Trust Company (Labuan) Ltd, BIMBSEC Nominees (Tempatan) Sdn Bhd and BIMBSEC Nominees (Asing) Sdn Bhd.

The GIAD is primarily responsible for undertaking regular and systematic reviews in conformance with the Institute of Internal Auditors’ International Professional Practices Framework and the Internal Audit Charter. This is a crucial aspect of the GIAD's role in providing reasonable assurance that the risk management process, internal controls and governance practices of Bank Islam and its Group are operating satisfactorily and effectively and are in line with the Group’s goals and objectives.

Responsibility, Scope and Methodology

The BAEC oversees the performance and effectiveness of the Internal Audit function based on the approved key performance indicators. The BAEC assesses the competency and experience of the Internal Audit staff as well as the adequacy of resources for the Internal Audit to carry out its functions effectively. The BAEC also ensures that the Internal Audit staff have the authority to discharge their role objectively and independently, free from any relationship or conflict of interest.

To reflect the independence of Internal Audit, the GCIA reports functionally to the Board through the BAEC and administratively to the GCEO. The GCIA is Zalfitri Abd Mutalip, who holds a Bachelor of Science degree in Business Administration (Finance) and a Certificate in Internal Auditing for Financial Institution (CIAFIN), and is a Chartered Professional in Islamic Finance (CPIF).
He has extensive experience in auditing in the financial industry and has helmed the GIAD of Bank Islam since 2017.

The annual audit plan is reviewed and approved by the BAEC before the beginning of each financial year. The audit plan adopts a risk-based approach in determining the auditable units and frequency of the audits, focusing on the following three (3) components:

i. Impact and likelihood of the inherent risk;
ii. Known quality of respective controls or risk mitigants in place; and
iii. The existence of effective risk transfer and loss impact reduction practices in minimising potential losses from negligence or fraud.

The GIAD adopts the standards and principles outlined in the Internal Controls Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the objectives set by the Institute of Internal Auditors’ International Professional Practices Framework, which comprises the core principle for the Professional Practice of Internal Auditing, the definition of Internal Auditing and the Code of Ethics.

The outcome of the audits conducted, including the risks, root causes and recommendations, is deliberated by the BAEC on a regular basis, i.e., every two (2) months. Resolution of the audit findings and recommendations is performed by the Management and closely monitored by the Management Audit Committee (MAC), whose members comprise Management members. In addition, the outcome of the Shariah audit reports, including their findings, risks, root causes and recommendations, is notified and deliberated at the Shariah Supervisory Council (SSC) meetings.

Resources

The overall costs incurred to maintain the internal audit function in the Group for the Financial Year 2023 were approximately RM9.69 million (2022: RM8.55 million), consisting mainly of salaries and other audit-related expenditures.
As at 31 December 2023, the GIAD has a staff strength of 40 auditors, all of whom are equipped with the relevant experience and qualifications. In addition, all 40 auditors had obtained the required certification, namely, Certification for Bank Auditors (CBA)/Certified Information Systems Auditor (CISA) and/or CIAFIN.

The GIAD is committed to providing independent, objective assurance and advisory services that will add value and improve the Group’s operations.
