With its commitment to Integrity, objectivity, confidentiality and competency, the Internal Audit Department helps the Bank to achieve its goals by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
Dual reporting, functionally to the Board of Directors through the Audit Committee, and administratively to the Senior Management, provides the Internal Audit function with the necessary independence to carry out its responsibilities in an effective and efficient manner. Dual reporting also helps the Audit Committee, established by and among the Board of Directors to fulfill its oversight responsibility over the performance of the Bank's Internal Audit function.
The Internal Audit activity's purpose, authority and responsibility are defined in the Internal Audit Charter, which is approved by the Audit Committee. This formal document (i) establishes the Internal Audit activity's position within the Bank, (ii) authorizes access to records, personnel and physical properties relevant to the performance of engagements and, (iii) defines the scope of the Internal Audit activities.
On an annual basis, the Head of the Internal Audit Department assesses the Audit Universe which lists all the possible audits that could be performed. Subsequently, an annual risk-based plan is established, for a two-year period cycle, which determines the priorities of the Internal Audit activity, in consistency with the Bank's goals.
The Internal Audit plan is reviewed and updated regularly, and as needed, in response to changes in the Bank's operations, processes, risk appetite and objectives, aforementioned plan and subsequent changes are approved by the Audit Committee.