BIMB Integrated Annual Report 2019

INTERNAL AUDIT FUNCTION

Independence and Responsibilities

The internal audit function is to undertake independent review and assessment of the adequacy, efficiency and effectiveness of the risk management, internal control and governance practices implemented by the Management. The internal audit function of BHB and its subsidiaries (save for Syarikat Takaful Malaysia Keluarga Berhad) is carried out by the Internal Audit Division (“IAD”) of Bank Islam and is independent of the activities or operations of other operating units in the Group. To maintain its independence, proficiency and professionalism as outlined in the Audit Charter, the internal audit function reports to the BAEC and administratively to the Chief Executive Officer.

The IAD is led by the Chief Internal Auditor, Encik Zalfitri Abd Mutalib (“Encik Zalfitri”). Encik Zalfitri has over 20 years of audit experience in the financial and banking industry. Encik Zalfitri is a Certified Public Accountant and a Fellow member of the ACCE. He is also a Certified Internal Auditor for Financial Institution.

The primary responsibilities of the IAD are to undertake regular and systemic reviews of the risk management process, internal control and governance practices of BHB and its Group in conformance with the International Professional Practices Framework and the Internal Audit Charter, so as to provide reasonable assurance that the risk management process, internal controls and governance practices are operating satisfactorily and effectively and are in line with the Group’s goals and objectives. The internal audit functions of Bank Islam and Takaful Malaysia are carried out by their respective internal audit divisions.

Methodology and Framework

IAD evaluates the effectiveness of the risk management process and the adequacy and effectiveness of controls in responding to the risks within the organisation’s governance, operations and information systems.
The IAD shall have an effective audit methodology to assess the risk profile and vulnerabilities of each auditable area. The IAD adopts a risk-based methodology which focuses on the following three (3) components:

i. Impact and likelihood of the inherent risk;
ii. The respective controls in place; and
iii. Existence of effective risk transfer and loss impact reduction practices in minimising potential losses from negligence or fraud.

To effectively manage its functions and perform the audit engagement, IAD adopts the standards and principles outlined in the Internal Control Framework of the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) and the objectives set by the Institute of Internal Auditors’ International Professional Practices Framework, which comprises the core principles for the Professional Practice of Internal Auditing, the definition of Internal Auditing and the Code of Ethics.

Based on the annual risk assessment, the IAD will draw up an audit plan covering all audit assignments to be performed over the financial year period. This annual audit plan will be tabled and approved by the BAEC or the Board of Directors.

Scope and Resources

The BAEC reviews the adequacy and relevance of the scope, functions, resources, procedures, risk-based internal audit plans and results of the internal audit processes with the IAD. It also reviews and approves the Annual Internal Audit Plan, which includes the audit scope, methodology and practices, timing and resources, assessment of risk, comparison of actual versus budgeted time spent on assignments and audit fee.

The audit covered during the financial year includes, but is not limited to, accounting and finance, legal, secretarial and regulatory compliance, human resources, information technology, corporate communication, strategic management and subsidiaries. Amongst the key areas reviewed during the financial year ended 2019 are:

i. Procurement and Finance;
ii. Media and Communication;
iii. Corporate Governance;
iv. Human Resources;
v. Regulatory and Shariah Compliance;
vi. Operation and Risk Management;
vii. Investments;
viii. Corporate Strategy;
ix. Information Technology;
x. Cyber Security;
xi. Fraud and Bribery; and
xii. Business Continuity Management.

BIMB HOLDINGS BERHAD 199701008362 (423858-X)