Thursday, 25th June 2009Internal Audit Function

A Statutory Requirement

Each regulated entity is required to establish and maintain an independent audit function as per the Anti-money Laundering and Terrorist Financing (Amendment) Code of Practice, 2009 (the "Code of Practice"), gazetted on 5 February 2009.  Section 11(3A) of the Code of Practice states,  "every entity and professional shall establish and maintain an independent audit function that is adequately resourced to test compliance, including sample testing, with its or his written system of internal controls and other provisions of the Anti-money Laundering Regulations, 2008 and this Code."  The concept of internal audit is therefore no longer an optional one of applying best practice, but rather a statutory obligation imposed on each regulated entity by the Code of Practice. 

Internal audit should not be considered a one-off or annual event; it is a function which should be appropriately staffed and used continuously to provide management with relevant information in relation to the Company's compliance with its written system of internal controls and statutory obligations.  The internal audit function is an invaluable resource which, if used effectively, can amongst other things, assist management with identifying any existing areas of non-compliance or weakness, suggest recommendations for correction and therefore contribute to the entity's effective corporate governance framework.

The internal audit function can be performed by an employee of the organization, once he is deemed independent, or outsourced to an independent, qualified and experienced firm.  Regardless of the option selected, management must ensure that the chosen auditor can and will function independently and will be able to make objective assessments in a transparent and fair manner.

For further information regarding internal audit or outsourcing of the function, please contact Kyria Ali.