Financial Crime World

Here’s a reformatted version of the article in markdown format:

Policy and Scope of Internal Audit Work for Financial Institutions in Thailand

Scope of Internal Audit Work

The Bank of Thailand (BOT) Policy Statement Re: Internal Audit of Financial Institutions (2018) outlines the key areas that internal audit work should cover.

  • Internal Control System: Management is responsible for establishing a strong internal control system to ensure stability and reduce risk.
    • This includes identifying, assessing, and mitigating risks
    • Developing policies and procedures to prevent and detect frauds, errors, omissions, and irregularities
  • Detection of Frauds, Errors, Omissions, and Irregularities: Management is responsible for preventing and examining frauds, errors, omissions, and irregularities.
    • Internal auditors should be alert when there are changes in financial circumstances that may reduce the efficiency of the existing internal control system or increase the risk of frauds and errors
  • Management Audit: Internal auditors should provide value-added services to management by reviewing whether resources have been utilized efficiently, effectively, and economically.
    • This includes assessing the effectiveness of management controls and procedures
    • Evaluating the efficiency of resource utilization
  • Information System Audit: The internal auditor must evaluate the information technology (IT) system to ensure that the internal control is sufficient, efficient, and covers all activities undertaken with the computer.
    • This includes assessing the security and integrity of IT systems
    • Evaluating the effectiveness of IT controls

Consultative Role

Internal auditors may be asked to give advice on launching new products, new operating systems, and associated risks. However, this consultative role should be reported to management beforehand to maintain auditor independence.

Scope of Audit Work

The scope of audit work should cover all activities of financial institutions, including branches, and outsourced activities. The internal auditor should verify that each audit work covers sufficient details on risk factors and consider the random sampling level of audits.

  • Audit Coverage: The scope of audit work should cover all areas of financial institutions, including:
    • Branches
    • Outsourced activities
    • IT systems
  • Risk Assessment: Internal auditors should assess risks and identify areas that require further attention.
  • Random Sampling: Audit work should include random sampling to ensure a representative sample of transactions and processes.