The Internal Audit charter serves as a guide to the Internal Audit Department of Gulf Finance & Investment Co. S.A.L. (the "Company") in the performance of its duties. It intends to provide a basis for Management and the Audit Committee to use in evaluating the operations of the Internal Audit function. The components of this charter include:
- The mission of the Internal Audit Department
- The scope of the Internal Audit activities
- The Internal Audit Department's authority and its position within the Company to ensure its independence
- The responsibilities of the Internal Audit Department
- The accountability of the Internal Audit Department
- The Audit Plan
- The reporting
- The relationship and coordination with the External Auditor
- MISSION STATEMENT
- The mission of the Internal Audit Department is to provide independent, objective assurance and support designed to add value and improve the Company's operations and systems of internal controls. The Internal Audit Department assists the Company with accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
- SCOPE OF WORK
- The scope of audit coverage is company-wide and no department or business unit of the Company is exempt from audit and review.
In order to fulfill its mission, the Internal Audit Department must determine whether the Company's network of risk management, control, and governance processes, as designed and represented by Management, is adequate and functioning in the following manner:- The examination and evaluation of the adequacy and effectiveness of the internal control systems at various operations and activities of the Company.
- The review of the application and effectiveness of risk management procedures and risk assessment methodologies at various operations and activities of the Company.
- The review of Management and financial information systems, including the electronic information system.
- The review of the accuracy and reliability of the Company’s accounting records and financial reports.
- The testing of both transactions and functioning of specific internal control procedures at various Company departments and offices.
- The evaluation of adherence to legal and regulatory requirements and approved policies and procedures.
- The evaluation of effectiveness of existing policies and procedures and give recommendations for improvements.
- Identifying opportunities for cost savings and making recommendations for improving cost efficiencies.
- The carrying out of special investigations assigned by the Audit Committee and the Chairman.
- AUTHORITY AND INDEPENDENCE
- The Internal Audit Department is authorized to:
- Have unrestricted access to all company activities, records, property and personnel, relevant to the performance of audit function. Restriction to these accesses imposed by any employee or Management of the Company, which prevents the Internal Audit Department from performing its duties, will be reported immediately to the Chirman or directly to the Audit Committee.
- Determine scope of work and apply techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in various departments of the Company where they perform audits.
To provide for the independence of the Internal Audit Department, its personnel shall report to the Head of Internal Audit, who in turn reports to the Audit Committee. The Head of Internal Audit will meet privately at least once every fiscal quarter, with the Audit Committee. In addition, the Head of Internal Audit will have direct access to the Audit Committee and will take directly to it any matter that is believed to be of sufficient magnitude and importance to require immediate attention of the Audit Committee.
- RESPONSIBILITIES
- The Internal Audit Department has the responsibility to:
- Develop an annual Audit Plan using appropriate risk-based methodology, including risk or control concerns identified by Management and the Audit Committee, and submit that plan to the Audit Committee for review and approval.
- Implement the annual Audit Plan, as approved, including, and as appropriate, any special mandates or projects requested by Management and the Audit Committee.
- Maintain a professional audit staff with sufficient knowledge, skills, experience and professional certification to meet the requirement of this Charter.
- Issue an audit report to management and any other relevant parties at the conclusion of each audit in order to communicate the audit findings, recommendations and Management action plans.
- Follow up on outstanding Management action plans to ensure significant risks and major deficiencies identified are effectively addressed and remediated by Management within the mutually agreed timeframe.
- Issue periodic quarterly reports to the Audit Committee summarizing the status and the results of audit activities.
- Identify key processes supporting financial reporting, assist business process owners to identify and document effective internal controls, and test key financial reporting controls in identified financial systems.
- Keep the Audit Committee informed of emerging trends and successful practices in internal auditing.
Opportunities for improving Management control, profitability, and the Company's image may be identified during audits. They will be communicated to the appropriate level of Management. The internal audit process, however, does not relieve departmental heads / chief managers of their responsibility for the maintenance and improvement of controls in their respective areas.
- ACCOUNTABILITY
- The Internal Audit Department, in the discharge of its duties, shall be accountable to the Audit Committee to:
- Submit an assessment on the adequacy and effectiveness of the Company’s processes for controlling its activities and managing risks in all areas of the Company’s operations on an annual basis.
- Report significant issues related to the processes for controlling the activities of the Company, together with recommendations for improvements to those processes.
- Provide information on the status and results of the annual audit plan on a quarterly basis.
- Coordinate with external auditors and provide oversight of other control and monitoring functions.
- The performance of the Internal Audit Department will be evaluated by the Audit Committee.
- AUDIT PLAN
- The annual Audit Plan is developed in the beginning of each year based upon input from key Management and a detailed, thorough risk assessment by the Internal Audit Department.
The annual Audit Plan may include a mix of the following types of audit activity: - Financial audits, including determining the accuracy and reliability of data developed within the Company, and determining that corporate assets are properly safeguarded.
- Reviews of internal controls related to significant systems and processes to determine whether or not they are properly designed and functioning as intended.
- Reviews of compliance with the Company's significant policies and procedures.
- Reviews compliance with laws in force and regulations issued by Banque du Liban and the Banking Control Commission and other significant external requirements/regulations, including accounting rules and regulations applicable.
- Strategic audits, including due diligence activities and review of the execution of the Company's strategic objectives.
- Operational audits focusing on improving efficiencies or effectiveness with a goal of contributing to cost reduction efforts.
To develop the annual Audit Plan, an overall risk-based approach is used to ensure that the Internal Audit function provides the greatest possible benefit to the Company. On an ongoing basis, matters considered in developing the annual Audit Plan include the following: - Review and understanding of the strategic and business plans of the core businesses.
- Significant degree of risk for potential loss exposure to the Company.
- Significant opportunities to achieve operating benefits.
- Existence of significant known error s, irregularities or control weaknesses.
- Results of previous audits.
- Major changes in operations, systems or controls.
- Major changes in regulatory or other requirements.
- Request from Management, Audit Committee and External Auditor.
Each year, Internal Audit representatives will work with the Management to perform risk assessment activities designed to identify and prioritize the Company's key risks and related processes. This information will be used to identify the audit mandates that will be included in the annual Audit Plan.
Based on the risk assessment performed, the Internal Audit Department will present a proposed annual Audit Plan to the Audit Committee for approval, which will include recommended activities to be audited, the timing of those audits, and the estimated resources needed. Any significant deviation from the formally approved Audit Plan will be communicated to the Audit Committee.
Internal Audit planning is developed in a manner that allows for the coverage of the Company's highest risk areas in a 2 years period. Significant, critical risks will be covered more frequently.
- REPORTING
- A written report will be prepared and issued by the Internal Audit Department following the conclusion of each audit and will be distributed as appropriate. The report will include our findings and recommendations along with the audited business unit/department Management action plans. Each recommendation will be rated and an overall rating will be attributed to the audit. The significance of the recommendations will impact the timelines of our follow-up.
- RELATIONSHIP & COORDINATION WITH THE EXTERNAL AUDITOR
- The Internal Audit Department will work proactively with the External Auditor to determine areas where assistance and direct audit comfort can be provided by the Internal Audit Department. The Internal Audit Department will regularly meet with the External Auditor to discuss the internal and external audit plans and to share knowledge of any issues. These meetings will ensure that the roles of the two functions are coordinated and that there is no duplication.