CFSL - Annual report 2018

Governance and structure The Internal Audit Function of Cim Finance Ltd is an independent appraisal and consulting activity that adds value, examines and evaluate activities of the company. A strong internal control system, including an independent and effective Internal Audit Function, is part of sound corporate governance. The mission of the Internal Audit Function is to provide vital and independent assurance to the Board and management on the quality of the company’s internal control system, risk management and governance processes. The objectives are to assist members of the Board and management in the effective discharge of their responsibilities. In line with good governance principles, Internal Audit functionally reports to the Audit Committee on a quarterly basis. Individual working sessions are also conducted with the Audit Committee without the presence of management. The Audit Committee approves the Internal Audit combined plan and resources and evaluates the effectiveness of the Internal Audit Function. Internal audit assignments are performed in accordance with the Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (IIA). Internal audit staff also abide by the Code of Ethics established by the IIA and by Cim Finance Ltd. In terms of structure, the Internal Audit Function is segregated into two units, namely Risk Based and Consulting units. The Risk Based unit performs assurance engagements in line with the definition of the IIA as well as IT audit engagements. The Consulting unit performs engagements that do not fall within the Risk Based unit scope such as Investigations, Independent reviews, Business Process Mapping, System Development Life Cycle assurance, etc. Both units use a risk based approach when building up the Internal Audit Plan for the year. Independence and objectivity The Internal Audit Function confirms that independence and objectivity were maintained throughout the year by ensuring the following: • There was no interference by any element in the company, including matters of audit selection, scope, procedures, frequency, timing, or report content. • Internal audit staff have no direct operational responsibility or authority over any of the activities audited and hence do not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair judgment. Internal audit staff also refrained from reviewing specific operations for which they were previously responsible; made proper disclosures if independence or objectivity was impaired, or if there was any conflict of interest; not accepted anything that may impair or be presumed to impair their professional judgment; and were aware of the threat of over-familiarity. Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Audit assignments The internal audit plan is developed based on a prioritization of the audit universe using a risk-basedmethodology, including the input of senior management and the Audit Committee. The Head of Internal Audit reviews and adjusts the plan, as necessary, in response to changes in the business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan is communicated to senior management and the Audit Committee in a timely manner for approval. Internal Audit carried out 13 internal audit assignments within the Risk Based unit during the year and 4 assignments within the Consulting unit. In addition, follow up audits (review of implementation status of recommendations) were also carried out throughout the year. It is to be noted that the Internal Audit Function, with strict accountability for confidentiality and safeguarding records and information, was authorized full, free and unrestricted access to any and all of Cim Finance’s records, physical properties, and personnel pertinent to carrying out the audit engagements. INTERNAL AUDIT FUNCTION 41 CIM FINANCIAL SERVICES LTD ANNUAL REPORT 2018