BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



Location: Central Bank of Bahrain Volume 4—Investment Business > Part A > High Level Standards > HC High-Level Controls Module > HC-6 Management Structure > HC-6.4 Internal Audit
  • HC-6.4 Internal Audit

    • HC-6.4.1

      Bahraini investment firm licenseesG must establish an internal audit function to monitor the adequacy of their systems and controls.

      January 2011

    • HC-6.4.2

      The internal audit function must be independent of the senior managementG , reporting either to the Board or its Audit committee (where applicable). The internal audit function must not be combined with any other function.

      Amended: July 2015
      January 2011

    • HC-6.4.3

      The CBB would normally expect larger investment firm licenseesG to maintain the internal audit function within the organisation (or at least to be provided from within the licensee'sG group, where relevant, providing this doesn't impair the level of internal audit scrutiny applied to the licenseeG ). The CBB will however consider allowing small investment firm licenseesG to outsource part or all of their internal audit function to third party providers.

      January 2011

    • HC-6.4.4

      Where investment firm licenseesG outsource part or all of their internal audit function, the outsourcing arrangements must provide for an adequate level of scrutiny of the licenseeG , and must comply with the requirements contained in Chapter RM-7. A licenseeG cannot outsource its internal audit function to its external auditor.

      January 2011

    • HC-6.4.5

      Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. Note that in all such cases, the licenseeG retains ultimate responsibility for the adequacy of its outsourcing function, and is required to identify the person within the licenseeG responsible for internal audit: this person should be an approved personG (see Section AU-1.2 and Chapter RM-7).

      January 2011

    • HC-6.4.6

      Internal audit functions must have terms of reference that clearly indicate:

      (a) The scope and frequency of audits;
      (b) Reporting lines; and
      (c) The review and approval process applied to audits.
      January 2011

    • HC-6.4.7

      Paragraph HC-6.4.6 applies irrespective of whether the internal audit function is outsourcedG . Where it is outsourcedG , the CBB would expect to see these matters addressed in the contract with the outsourcing providerG .

      January 2011

    • HC-6.4.8

      Internal audit functions must report directly to the Audit committee or, where none exists, to the Board. They must have unrestricted access to all the appropriate records of the investment firm licenseeG . They must have open and regular access to the Audit Committee, the Board, the Chief ExecutiveG , and the licensee'sG external auditor.

      January 2011

    • HC-6.4.9

      Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of functionG should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.

      January 2011

    • HC-6.4.10

      The CBB would expect to see in place a formal audit plan that:

      (a) Is reviewed and approved at least annually by the Audit Committee or, where none exists, the Board;
      (b) Is risk-based, with an appropriate scoring system; and
      (c) Covers all material areas of a licensee'sG operations over a reasonable timescale.
      January 2011

    • HC-6.4.11

      Internal Audit reports should also be:

      (a) Clear and prioritised, with action points directed towards identified individuals;
      (b) Timely; and
      (c) Distributed to the Audit Committee or Board and appropriate senior managementG .
      January 2011

    • HC-6.4.12

      Investment firm licenseesG should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:

      (a) Dealt with in a timely fashion;
      (b) Monitored until they are settled; and
      (c) Raised with senior managementG if they have not been adequately dealt with.
      January 2011

    • HC-6.4.13

      The internal auditor is considered as a head of functionG (see Paragraph AU-1.2.11) and is subject to CBB prior approval for the approved personG occupying this controlled functionG as outlined in Section AU-1.2.

      January 2011

Back to top