Internal Audit function is an independent unit of a specific legal entity that reports directly to the Board of Directors. Besides informing the Board during its ordinary meetings, it briefs the Chairman, the Board Audit and Risk Committee, and the Operating Committee on a quarterly and on as needed basis.
The charter of Internal Audit is to review the internal controls in the company’s processes and to report on those controls with respect to the adequacy, effectiveness, and efficiency of their design as well as their actual functioning on a day-to-day basis. All parts of the company and its subsidiaries are open for review by Internal Audit.
The majority of the audit work is executed according to an annual plan, which needs to be approved by the Board of Directors. Such plan will take into account risks that have been identified. Special audits or reviews including surprise audits are conducted as needed. The combination of the regular audits and the special audits provide management with objective assurance and insight on the functioning of the internal control system; it gives management an additional channel to learn about existing or possible future weaknesses in the system, which allows management to address them in a timely manner.
On a regular basis, Internal Audit may encourage self-assessments activities by the company, its division and subsidiaries by completing self-assessment checklists in relation to control procedures within the company. Internal Audit sees to it that control activities do take place and reviews the submissions made by the management to ensure the quality of the process; it consolidates the results of the self-assessments for the Board Audit and Risk Committee and the Board of Directors.
The appointment or dismissal of Head of Internal Audit shall be approved by Audit and Risk Committee and further submitted to the BOD’s Meeting for a resolution.
In Malaysia, in addition of the robust internal control policies and procedures, and the compliance commitment, couple with risk ownership by senior managements, special attention must be given to the new strict statutory corporate liability offence under Section 17A of the Malaysian Anti-Corruption Commission Act 2018 (Amended). Section 17A gives rise to corporate liability offence to corporate entities if any persons associated with the corporate entities commit a corrupt act. Any act of offering, promise or giving any gratifications for the purpose of retaining or obtaining a business or advantage over others may be considered a corrupt act and persons associated with the corporate entities are directors, partners, senior managements, employees and other persons (third parties) who perform services for or on behalf of the corporate entities. With regards to the latter, a robust third-party due diligence mechanism must be in place within the company to screen all potential and existing third parties that are acting for or on behalf of the company in all critical risk areas such as business development, finance and procurement activities.
If a commercial organisation is found guilty under Section 17A, the penalty under Section 17A (2) is a fine of not less than 10 times the value of the bribe or RM 1 million, whichever is higher, or imprisonment for up to 20 years, or both.
We, Megat Faizal Musa & Co specializes in gap assessment of internal auditing policies and procedures, COSO framework application, provide comprehensive and mitigating recommendations, due diligence on high-risk areas, third party due diligence policies (Anti-Bribery purposes) and other related internal auditing activities.
For more information, please contact the below.
Megat Faizal Musa | megat.faizal@mfmco.my | 010-372 6830 |
Lee.MF | lee.mf@mfmco.my | 010-381 2996 |