Terms of Reference for the Internal Auditor

The Mission of the internal auditor [or internal audit department] is to provide independent and objective assurance to the board and the management of the company on the adequacy, efficiency and effectiveness of risk management, internal control systems and governance processes in the company and to contribute to the effective delivery of the company’s business strategy.

The work of the internal auditor is designed to determine whether the company’s risk management, control and governance systems and processes are adequate and functioning in a manner to ensure that:

  1. Risks are appropriately identified and managed.
  2. The actions of staff comply with relevant laws, regulations, policies, standards and procedures.
  3. Material financial, management and operating information is accurate, reliable and communicated in an effective and timely manner.
  4. Organization structures in each function and subsidiary company of the company are adequately defined so that accountability and reporting lines are clear.
  5. Resources are acquired economically, utilized efficiently and adequately protected.
  6. Programs, plans and objectives are achieved.
  7. Significant regulatory or legislative issues are recognized and appropriately addressed.
  8. Opportunities for improving policies, practices and processes may be identified during audits. These will be communicated, as appropriate, to management.
  9. The internal auditor may be called upon to give advice on governance and internal control matters. Such advice will be both expert and practical.

  1. Develop an annual audit plan and budget and submit it to the chief executive officer (CEO) for review prior to approval by the audit committee and provide quarterly updates and such additional updates as are required by the audit committee.
  2. Deliver the approved audit plan in a cost-effective manner.
  3. Maintain a professional audit staff with sufficient knowledge, skills and experience to meet Internal Audit’s objectives.
  4. Report objectively and impartially, and conduct its work in a balanced and professional manner.
  5. Report to management and the audit committee on the following:
    1. Compliance with the company’s policies, controls and procedures
  6. Keep up-to-date with trends and best practices in internal auditing.
  7. [In co-operation with the compliance function] assist in the detection and investigation of significant suspected conflicts of interest and fraudulent activities, while promoting suitable preventative policies and practices.
  8. Attend general assemblies.
  9. Consider the scope of work of the risk management and internal audit functions in the group as a whole, the external auditors and regulators for the purpose of providing optimal audit coverage for the company in a cost-effective manner.

The internal auditor derives its authority from the board and audit committee, and reports administratively to the chief executive officer and functionally to the board and its audit committee. It is authorized to:

  1. Have unrestricted access to all functions, divisions, subsidiary companies, premises, records and to staff.
  2. Have unrestricted access to the audit committee.
  3. Allocate resources and fulfill the requirements of the approved annual audit plan and budget to meet its objectives.
  4. Conduct such other investigations or audits as are requested by the board, audit committee or the chief executive officer.

The internal auditor shall be appointed and dismissed by the audit committee in consultation with the CEO. The performance of the internal auditor shall be evaluated annually by the directors of the audit committee in consultation with the CEO and the outcome of the evaluation shall be part of the audit committee’s annual review of the effectiveness of the internal audit function. The internal auditor is accountable to the audit committee and the board to:

  1. Provide an annual assessment of the adequacy and effectiveness of the company’s policies, processes and procedures for internal control and risk management.
  2. Report regularly on significant issues related to these policies, processes and procedures, and to recommend improvements when appropriate.
  3. Recommend remedial action to management to address any weaknesses in internal control and, where agreed action is not implemented in a timely manner, to investigate the reasons and to report its findings to the audit committee.
  4. Provide information on performance against the annual audit plan and report on the sufficiency of Internal Audit resources.
  5. Coordinate its activities with other risk management and internal audit functions in the Group and with the external auditors.