Professional Documents
Culture Documents
3 August 2008
Prepared by:
Financial Institutions Business and Accounting Policy Office
Regulatory Policy Department
Financial Institutions Policy Group
Tel 0-2283-6876, 0-2283-6928
Fax 0-283-5938
Email: BOPTeam@bot.or.th
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check
Unofficial Translation
With collaboration between the Bank of Thailand and the Association of International Banks
This translation is for the convenience of those unfamiliar with the Thai language.
Please refer to the Thai text for the official version.
------------------------------------
Policy Statement of the Bank of Thailand
RE: Guidelines for Internal Audit of Financial Institutions
______________________________________________________
1. Rationale
The internal control system and the internal audit system are very important
components to good corporate governance. It is the internal auditor’s essential role
to assess the effectiveness and enhance the standard of the internal control system
of financial institutions which are key requirements in strengthening the stability of
the overall financial system. Therefore, the appropriate internal audit structure of
financial institutions is very important.
The essence of the guideline has not been changed from the existing one.
2. Scope of Application
This Policy Statement shall apply to all financial institutions in accordance
with the laws on financial institutions businesses.
4. Contents
(1.3) CIA shall set out the responsibilities for the personnel
or subdivision within the internal audit department and shall submit and obtain
approval from the management, the audit committee and the board of directors
before exercising. The responsibilities shall be set according to the size, characteristic
and complexity of the activities, as well as the objective and scope of the internal
audit.
(1.4) Internal auditors shall not be responsible for other
activities aside from auditing. In general, personnel in other department shall not be
assigned to work in the internal audit department. However, in a special case, the
internal audit department may, temporarily, seek advice from other department for
specific tasks. In addition, internal auditor shall have unlimited access to the
necessary data, assets, personnel and financial institutions’ office. Otherwise,
internal auditor shall submit a written notification to the audit committee or the
board of directors immediately to resolve the problem with the management.
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check
(2) Objectivity
(2.1) Objectivity means an independent state of mind, which
will allow the internal auditor to exercise judgment opinion and recommendation
without bias.
(1) Resources
Internal audit department shall obtain adequate resources in
order to carry out its tasks efficiently. The CIA shall estimate the required amount of
resources according to the size and complexity of the financial institutions’
operation. The required amount of resources shall be approved by the audit
committee or the board of directors. In addition, CIA shall set up an appropriate
guideline for recruiting internal auditors. For the special area, CIA may hire specialist
or consultant to ensure the efficiency of the auditing.
(3) Supervision
Supervision is a continuing process starting from planning to
concluding the audit result and following up on the recommended improvement.
The CIA shall ensure that the objective of the auditing which is specified on the audit
program has been fulfilled. CIA shall also set the appropriate time frame for each
audit assignment in accordance with the characteristic and complexity of the
assignment.
(5) Training
The audit committee and the board of directors shall arrange a
necessary training for the internal auditors. Internal audit department shall prepare a
continuous education and training program or internal auditors to enhance their
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check
auditing standard and technical skills, as well as to allow them to apply new auditing
techniques to be in line with the business trend and development. The CIA shall
organize the on-the-job-training for new auditors under supervision of knowledgeable
and experienced auditors. CIA should also set up a budget for the training by
consulting the audit committee or the board of directors and the chief executive
officer (CEO). Apart from the training arranged by the financial institutions, internal
auditors shall continuously acquire additional knowledge themselves to enhance
their skills.
(1) Management
Respect and cooperation shall be prevailed between the
management and internal auditors. Consulting with management may reveal the
critical point which CIA should concern. Internal auditors shall exercise special
expertise in giving value added advice to the management.
(2) Examinee
Internal auditors shall maintain good relationship with the
examinees in order to obtain their cooperation which will allow the internal auditors
to carry out the auditing smoothly. However, the internal auditors shall maintain
their neutral position during the auditing.
(2.2) The audit plan and material changes to the plan shall
be approved by the audit committee or the board of directors. Such plan shall be
flexible enough to response to the priority changes or necessity and shall be
reviewed regularly. In addition, the progression of the plan shall be reported to the
audit committee or the board of directors periodically.
The Bank of Thailand may request for the audit report and relevant
working papers which prepared by the external auditors. Financial institutions shall
prove to the Bank of Thailand that the outsourced company obtains adequate
expertise, sound financial status, independence and independent from the audit
assignment. In addition, such company should have adequate auditors with
knowledgeable and experience. The reporting process between the outsourced
company and financial institutions shall be clearly defined to support
communication in case there is a problem arising from auditing. Financial institutions
shall continuously assess, monitor and build a good relationship with the outsourced
company.
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check
In case financial institutions assign partial or entire internal audit to
regional internal audit or Head Office internal audit under the same entity, this does
not consider an outsourced internal audit.
In this regard, financial institutions shall refer to the BOT
notification No. FPG 8/ 2557 Re: Regulations on Outsourcing of Financial
Institutions
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check
and review separately from the internal audit department, that department shall be
responsible for such matters.
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check
of the financial institutions’ activity and the risk level acceptable by the financial
institutions.
5. Effective Date
This Policy Statement shall come into force with effect from 4 August 2008
onwards.
BOT Policy Statement Re: Internal Audit of Financial Institutions (11 September 2018) -check