1. Core purpose
The purpose of Internal Audit Department(IAD) is to help and support the Bank of Thailand to accomplish its objectives by:
Providing an independent and objective assurance and consulting service designed to add value and improve the bank' s operations.
Bringing systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
1) To provide the effective and value added internal auditing services.
2) To offer managements the consulting services to enhance the effectiveness of risk management, control, and governance processes.
3) To promote Bank-wide risk awareness and provide managements the consulting services to improve the overall Bank' s operations.
1) The scope of work of the IAD is to determine whether the Bank's network of risk management, control and governance processes are adequate and functioning in a manner to ensure:
- Risk are appropriately identified and managed.
- Interaction with the various governance groups occurs as needed.
- Significant financial, managerial and operating information is accurate, reliable, and timely.
- Employee's actions are in the compliance with policies, standards, procedures, and applicable laws and regulations.
- Resources are economically acquired, efficiently used, and adequately protected.
- Programs, plans, and objectives are effectively and efficiently achieved.
- Quality and continuous improvement are fostered in the organization's control process.
- Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately.
2) Provide the special auditing services as necessary.
1) The auditors are authorized to
- Have unrestricted access to all functions, records, properties, and personnel as necessary to execute the engagement.
- Obtain the assistance from associated party to provide the information as necessary
- Have full and free access to the audit committee
- Allocate resources, set frequencies, select subjects, determine scope of work, and apply the techniques required to accomplished audit objectives.
- Obtain the necessary assistance of personnel in specialized services from within or outside the organization.
2) The auditees have responsibilities to:
- Cooperate with auditors to carry out the audit project.
- Promptly provide the reliable information as necessary.
- Allow the auditors to perform their audit activities of the whole working processes.
- Immediately report to the IAD in any situations where inappropriate action is present or may reasonably be inferred.
- Timely inform the IAD in the case of changing the control system.
3) The auditors are unauthorized to
- Perform any operational duties for the organization or its affiliates.
- Initiate or approve accounting transactions external to the IAD.
- Direct the activities of any employees not employed by the IAD, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
To provide for the independence of the IAD, the Chief Audit Executive reports functionally and administratively to the Governor and periodically to the Audit Committee in the manner outlined in the below section on Accountability.
The Chief Audit Executive is accountable to Governor and the Audit Committee to:
1) Provide an assessment on the adequacy, efficiency, and effectiveness of the Bank's risk management processes in the areas under the scope of work.
2) Report significant issues related to the processes for controlling the activities of the organization, including potential improvements to those processes.
3) Provide information on the status and results of the annual audit plan and the sufficiency of department resources.
The chief audit executive and staff of the IAD have responsibility to:
1) Develop the flexible annual audit plan using an appropriate risk-based methodology and submit that plan through the Audit Committee for approval and report the top management committee for acknowledgement.
2) Implement the annual audit plan, as approved, including as appropriate any special tasks or projects as requested.
3) Maintain a professional audit staff with sufficient knowledge, skills, and experiences.
4) Assess the adequacy of the control and the risk management processes of the new or changing operations in order to provide the appropriate recommendation accordingly.
5) Issue periodic reports to the Audit Committee and the Governor summarizing results of audit activities.
6) Assist in the investigation of significant suspected fraudulent activities within the organization and notify the Governor and the Audit Committee of the results.
7) Consider the scope of work of the external auditors, as appropriate, for the purpose of providing optimal audit coverage to the organization.