Annual Report 2019

4. INTERNAL AUDIT FUNCTION Governance and structure The Internal Audit Function of Cim Finance Ltd (CFL) is an independent appraisal and consulting activity that adds value, examines and evaluates activities of the company. A strong internal control system, including an independent and effective Internal Audit Function, is part of sound corporate governance. The Internal Audit Function of CFL performs audit engagements for CFSL as governed by the Service Level Agreement approved by the Audit Committee of CFL and the Risk Management and Audit Committee (RMAC) of CFSL. The mission of the Internal Audit Function is to provide vital and independent assurance to the Board and management on the quality of the company’s internal control system, risk management and governance processes. The objectives are to assist members of the Board and management in the effective discharge of their responsibilities. In line with good governance principles, Internal Audit functionally reports to the RMAC and the Audit Committee on a quarterly basis. Individual working sessions are also conducted with the Audit Committee without the presence of management. The Audit Committee approves the Internal Audit combined plan, resources and evaluates the effectiveness of the Internal Audit Function. Internal audit assignments are performed in accordance with the Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (IIA). Internal audit staff also abide by the Code of Ethics established by the IIA and by Cim Finance Ltd. In terms of structure, the Internal Audit Function is segregated into two units, namely Risk Based and Consulting units. The Risk Based unit performs assurance engagements in line with the definition of the IIA as well as IT audit engagements. The Consulting unit performs engagements that do not fall within the Risk Based unit scope such as Investigations, Independent reviews, System Development Life Cycle assurance, etc. Both units use a risk based approach when building up the Internal Audit Plan for the year. The structure, organisation and qualifications of the key members of the internal audit function are listed on the Company’s website. Independence and objectivity The Internal Audit Function confirms that independence and objectivity was maintained throughout the year by ensuring the following: • There was no interference by any element in the company, including matters of audit selection, scope, procedures, frequency, timing, or report content. • Internal audit staff have no direct operational responsibility or authority over any of the activities audited and hence do not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair judgment. Internal audit staff also refrained from reviewing specific operations for which they were previously responsible; made proper disclosures if independence or objectivity was impaired, or if there was any conflict of interest; have not accepted or given gifts and/or entertainment (as defined by the company’s Gift and Entertainment Procedure) that may impair or be presumed to impair their professional judgment; and were aware of the threat of over-familiarity. Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Audit assignments The internal audit plan is developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Audit Committee. The Head of Internal Audit reviews and adjusts the plan, as necessary, in response to changes in the business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan is communicated to senior management and the Audit Committee on a timely manner for approval. Internal Audit carried out 7 internal audit assignments for Cim Finance Ltd, 4 internal audit assignments for CFSL, 5 IT audit assignments within the Risk Based unit during the year and 14 assignments and 6 high level reviews within the Consulting unit. In addition, follow up audits (review of implementation status of recommendations) were also carried out throughout the year. It is to be noted that the Internal Audit Function, with strict accountability for confidentiality and safeguarding of records and information, was authorized full, free and unrestricted access to any and all of Cim Finance’s records, physical properties, and personnel pertinent to carrying out the audit engagements. CIM FINANCIAL SERVICES LTD / ANNUAL REPORT 2019 43