Internal Audit Manual
Internal Audit Manual
Internal Audit Manual
AUDIT
MANUAL
I. Introduction and Purpose
It is the responsibility of the Board to oversee that a sound and effective enterprise-wide risk
management framework and appropriate internal control systems are in place to manage the risks and
to provide reasonable assurance against material misstatement or loss. It is also responsible to review
and approve the nature and extent of the key business risks that the Bank is taking in pursuing its
strategic objectives and providing oversight over its risk management policies and procedures and
approving the Internal Audit Charter.
1. Reporting – reliability
3. Compliance – compliant with applicable laws, regulations, contracts, and grant agreements.
The Five (5) Main Components of Internal Controls that are Required to be Addressed:
1. Control Environment
2. Risk Assessment
3. Control Activities
5. Monitoring
CONTROL ENVIRONMENT
Overview
The control environment is the cornerstone for all other components of internal control, it is the
foundation which provides discipline and structure. Control environment factors include the integrity,
ethical values, and competence of the entity.
Objectives:
1. The governing body and management shall do business with utmost integrity and ethical behavior.
2. The governing body and management should pave a path that will enable for proper oversight to the
internal control systems
3. The governing body and management should employ qualified and competent employees fit to
deliver the entity’s tasks.
RISK ASSESSMENT
Overview
BDO’s management and governing body, as well as the Audit Committee assess the risk of
operations continually. The following are the risks that are most common in BDO’s day to day
operations.
Credit risk
Operational risk
Market risk
Liquidity risk
Objectives:
1. Identify and evaluate the internal and external factors that could adversely affect the achievement of
the banking organization’s performance, information, and compliance objectives.
2. Evaluation of risks to determine which are controllable by the bank and which are not.
Overview
Control activities should be an integral part of the daily activities of a bank. An effective internal control
system requires that an appropriate control structure is set up, with control activities defined at every
business level. These should include top level reviews; appropriate activity controls for different
departments or divisions; physical controls; checking for compliance with exposure limits and follow-up
on non-compliance; a system of approvals and authorizations; and a system of verification and
reconciliation.
Objectives:
2. Segregation of duties
An effective internal control system requires that there are adequate and comprehensive internal
financial, operational and compliance data, as well as external market information about events and
conditions that are relevant to decision making. Information should be reliable, timely, accessible, and
provided in a consistent format.
Objectives:
1. To ensure that information of the highest quality aligned with the objectives of the entity is available.
It shall be useful and can be communicated internally and externally by the management.
MONITORING
Overview
The internal control system changes as technology, staff, objectives, and policies change. Management
is charged with continually monitoring the internal control system to determine if it is operating as it
was designed to do and to ensure the controls are being followed.
Objectives:
1. Familiarize staff on activities aimed to monitor the internal controls and evaluation of its results.
2. Address, if any in a timely manner the deficiencies that are noticed in the internal control system.
Internal controls serve as a guide for the organization in completing or achieving their mission,
vision, and any broad goal they might have in mind. Its other purpose besides becoming a guide in
achieving an organization’s primary goal is to provide reasonable assurance.
In accordance with the International Standards for the Professional Practice of Internal Auditing,
the audit scope will encompass the examination and evaluation of the adequacy and effectiveness
of the respective agency’s system of internal control and the quality of performance in carrying
out assigned responsibilities. The audit scope considers the following objectives:
Reliability and Integrity of Financial and Operational Information – Review the reliability and
integrity of financial and operating information and the means used to identify, measure,
classify, and report such information.
Compliance with Policies, Procedures, Laws, Regulations, and Contracts – Review the systems
established to ensure compliance with those policies, procedures, laws, regulations, and
contracts which could have a significant impact on operations and reports and determine
whether the organization is in compliance.
Safeguarding of Assets – Review the means of safeguarding assets and, as appropriate, verify
the existence of such assets.
Effectiveness and Efficiency of Operations and Programs – Appraise the effectiveness and
efficiency with which resources are employed.
Achievement of the Organization’s Strategic Objectives – Review operations or programs to
ascertain whether results are consistent with established objectives and goals and whether the
operations or programs are being carried out as planned.
Internal Audit Plan
In addition to performing the 2022 risk assessment for preparation of this Internal Audit Plan (Plan), this
Plan also includes 2 audits to be performed, first a follow-up of the prior year audit recommendations,
and other tasks that may be assigned by the Audit Committee, or executive management during the
year; and, preparation of the Annual Internal Audit Report for fiscal year 2022.
Risk Assessment
Utilizing information obtained through the completed questionnaires received and background
information reviewed, 17 audit areas were identified as potential audit topics. A risk analysis utilizing the
8 risk factors, mentioned in section I of this report, was completed for each of the 17 potential audit
topics and then compiled to develop an overall risk assessment. Following are the results of the risk
assessment performed for the 17 potential audit topics identified: