Internal audit is defined as:
An independent and objective assurance and consulting activity designed to add value to and improve an organization’s operations and help it achieve its objectives by providing a structured and disciplined methodology to evaluate and improve the effectiveness of risk management, control and governance processes.
(Source: The Institute of Internal Auditors)
Considering the above definition and the governance rules issued by the regulatory authorities, namely the Central Bank of Kuwait (CBK), Capital Markets Authority (CMA) and Insurance Regulatory Unit (IRU), for companies under their supervision, it is required to establish an organizational unit concerned with internal audit activities as well as to appoint registered jobs for such a purpose. This unit must issue periodic reports to be submitted to the Audit Committee. These periodic reports should address any observations or improvements to operational processes.
What are international standards that govern internal audit activity?
The international methodologies adopted for conducting the internal audit activity are:
- International Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors (IIA)
- Standards issued by Information Systems Audit and Control Association (ISACA)
Does the Capital Markets Authority allow licensed companies to outsource the Internal Audit officer as a registered job?
Yes, the Capital Markets Authority allows this, as the Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority and the Regulating Securities Activities in Module 5, Chapter 3, Article 3-2-8 sets forth the following:
A licensed person may engage an external firm to perform the tasks of the registered jobs as follows:
An external firm may be engaged to perform the following tasks of the registered positions:
- …………
- Internal Audit Officer
- …………..
What are the tasks and duties assigned to Internal Audit Officer as per the Capital Markets Authority Bylaws?
This role involves two parts, i.e., the administrative duties and tasks, and the technical duties and tasks.
The administrative duties include performing all necessary activities for managing the internal audit function in terms of maintaining reports and records, submitting the reports to the audit committee and following up the required procedures in this respect.
The technical duties and tasks include the following:
- Preparing the internal audit plan
- Implementing the internal audit plan
- Preparing the internal audit reports based on the internal audit plan
- Following up the findings raised in the reports
Does the Insurance Regulatory Units allow licensed insurance companies to outsource the Internal Audit officer?
Yes, the Insurance Regulatory Unit permits this, as stipulated in Decision No. 58 of 2023 regarding the issuance of Corporate Governance Rules by the Insurance Regulatory Unit. The decision allows the outsourcing of specific functions or activities in accordance with the provisions of Articles 58 to 64 of the afore-mentioned decision.
What is the added value to business entities from Internal Audit Services?
- Ensure compliance with the applicable legal and regulatory requirements in the State of Kuwait.
- Identify the efficiency and effectiveness of the internal controls in place within the business entity through addition or update to ensure sustainable updates.
- Enhance the business entity’s performance efficiency and competitive capabilities by having the ability to face unforeseen changes in the market and define the causes of failure to implement internal controls.
- Enhance transparency and accountability by following up on activities and reports.
What are the Services offered by Baker Tilly Kuwait?
- Outsourced internal audit activity and prepare the relevant periodic internal audit reports.
- Outsourced Internal Audit Officer function as per the CMA and IRU requirements