Internal Audit Consulting Services

Internal audit is a crucial function for ensuring the integrity of operations and processes within organizations. It provides an independent and objective assessment of internal control systems and risk management, while supporting operational efficiency and compliance with policies and regulations. By offering actionable recommendations based on systematic analysis, internal audit contributes to safeguarding the organization’s assets, supporting decision-makers, and enhancing stakeholder confidence.

What is the definition of Internal Audit Activity?

Internal audit is defined as:

An independent, objective assurance and advisory service designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.

(Source: The Institute of Internal Auditors)

Considering the above definition and the governance rules issued by the regulatory authorities, namely the Central Bank of Kuwait (CBK), Capital Markets Authority (CMA) and Insurance Regulatory Unit (IRU), for companies under their supervision, it is required to establish an organizational unit concerned with internal audit activities as well as to appoint registered jobs for such a purpose. This unit must issue periodic reports to be submitted to the Audit Committee. These periodic reports should address any observations or improvements to operational processes.

What are international standards that govern internal audit activity?

The international methodologies adopted for conducting the internal audit activity are:

1. International Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors (IIA)
2. Standards issued by Information Systems Audit and Control Association (ISACA)

What are the methods of performing the Internal Audit Activity?

Internal audit activity can be carried out using one of the following methods:

1. In-House Internal Audit

   Internal audit activity is performed by the organization’s own internal audit team. This method provides in-depth knowledge of internal activities and processes but may face challenges such as limited expertise or resources.

2. Outsourced Internal Audit

   An external third party, such as a consulting firm or audit firm, is engaged to perform the entire internal audit activity. This approach offers specialized expertise, cost efficiency, and a completely independent opinion, but it may face challenges such as limited understanding of the organization’s internal environment and high reliance on an external party.

3. Co-sourced Internal Audit

   This method is a combination of in-house and outsourced internal audit. It allows the organization to enhance the capabilities of its internal audit team with specialized expertise, facilitates knowledge sharing and skills transfer to internal auditors, and provides flexibility in defining the scope of expert involvement. However, it requires clear roles and responsibilities and ongoing coordination between both parties.

What are the entities that need Internal Audit Services?

Internal audit consulting services are provided to any of the following entities:

1. Entities regulated by the Central Bank of Kuwait
2. Boursa Kuwait-listed Companies
3. Companies licensed by the Capital Markets Authority
4. Companies regulated by the Insurance Regulatory Unit
5. Audit and Inspection Departments in Government Entities
6. Charitable and Public Benefit Societies as per the Ministry of Social Affairs’ instructions
7. Partnership companies and any other business entities

Does the Capital Markets Authority allow licensed companies to outsource the Internal Audit officer as a registered job?

Yes, the Capital Markets Authority allows this, as the Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority and the Regulating Securities Activities in Module 5, Chapter 3, Article 3-2-8 sets forth the following:

A licensed person may engage an external firm to perform the tasks of the registered jobs as follows:

1. An external firm may be engaged to perform the following tasks of the registered positions:

   • Risk Management Officer
   • Internal Audit Officer
   • Sharia Office Officer

What are the tasks and duties assigned to Internal Audit Officer as per the Capital Markets Authority Bylaws?

This role involves two parts, i.e., the administrative duties and tasks, and the technical duties and tasks.

The administrative duties include performing all necessary activities for managing the internal audit function in terms of maintaining reports and records, submitting the reports to the audit committee and following up the required procedures in this respect.

The technical duties and tasks include the following:

1. Preparing the internal audit plan
2. Implementing the internal audit plan
3. Preparing the internal audit reports based on the internal audit plan
4. Following up the findings raised in the reports

Does the Insurance Regulatory Units allow licensed insurance companies to outsource the Internal Audit officer?

Yes, the Insurance Regulatory Unit permits this, as stipulated in Decision No. 58 of 2023 regarding the issuance of Corporate Governance Rules by the Insurance Regulatory Unit. The decision allows the outsourcing of specific functions or activities in accordance with the provisions of Articles 58 to 64 of the afore-mentioned decision.

What is the added value to business entities from Internal Audit Services?

1. Ensure compliance with the applicable legal and regulatory requirements in the State of Kuwait.
2. Identify the efficiency and effectiveness of the internal controls in place within the business entity through recommending addition of more effective controls to mitigate risks.
3. Enhance the operational efficiency and competitiveness of business entities by strengthening their ability to address risks through identifying the root causes that led to failures in implementing internal controls.
4. Assist business entities in establishing robust risk management and internal control framework.
5. Promote transparency and accountability through monitoring activities and reporting.

What are the Services offered by Baker Tilly Kuwait?

1. Outsourced Internal Audit Activity
2. Outsourced Internal Audit Officer function as per the CMA and IRU requirements