Internal Audit Charter

Purpose and scope

This Internal Audit Charter provides the framework for the conduct of the Internal Audit function in The Carlyle Trust Limited and has been approved by the Audit Committee.  It has been created with the objective of formally establishing the purpose, authority and responsibilities of the Internal Audit function.

Purpose

Internal Auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organisation’s operations and to protect the assets, reputation and sustainability of the organisation.  It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes.

Scope

All of The Carlyle Trust Limited’s activities (including outsourced activities) and legal entities are within the scope of Internal Audit.  Internal Audit determines what areas within its scope should be included within the annual audit plan by adopting an independent risk-based approach.  Internal Audit does not necessarily cover all potential scope areas every year.  The audit program includes obtaining an understanding of the processes and systems under audit, evaluating their adequacy, and testing the operating effectiveness of key controls. Internal Audit can also, where appropriate, undertake special investigations and consulting engagements at the request of the Audit Committee, senior management and regulators.

Authority, responsibility and independence

Authority

The Internal Audit function of The Carlyle Trust Limited derives its authority from the Board through the Audit Committee.  The Head of Internal Audit is authorised by the Audit Committee to have full and complete access to any of the organisation’s records, properties and personnel.  The Head of Internal Audit is also authorised to designate members of the audit staff to have such full and complete access in the discharging of their responsibilities and may engage experts to perform certain engagements which will be communicated to management.  Internal Audit will ensure confidentiality is maintained over all information and records obtained in the course of carrying out audit activities.

Internal Audit has the right to attend and observe all of the Bank’s Board Committee and Executive Committee meetings in order to validate key decision-making processes as required.

Responsibility

The Head of Internal Audit is responsible for preparing the annual audit plan in consultation with the Audit Committee and senior management, submitting the audit plan, internal audit budget, and resource plan for review and approval by the Audit Committee, implementing the approved audit plan, and issuing periodic audit reports on a timely basis to the Audit Committee and senior management.

The Head of Internal Audit is responsible for ensuring that the Internal Audit function has the skills and experience commensurate with the risks of the organisation.  The Audit Committee should make appropriate inquiries of management and the Head of Internal Audit to determine whether there are any inappropriate scope or resource limitations.

It is the responsibility of management to identify, understand and manage risks effectively, including taking appropriate and timely action in response to audit findings. It is also management’s responsibility to maintain a sound system of internal control and improvement of the same. The existence of an Internal Audit function, therefore, does not in any way relieve them of this responsibility.

Management is responsible for fraud prevention and detection. As Internal Audit performs its work programs, it will be observant of manifestations of the existence of fraud and weaknesses in internal control which would permit fraud to occur or would impede its detection.

Deferment of internal audit reviews

Management requests to defer an audit review between quarters should be discussed with the Head of Internal Audit at the earliest opportunity. The Head of internal Audit will discuss all requests with the chair of the audit committee in order to confirm the most appropriate response to such requests.

Professional competence, reporting and monitoring

Independence

Internal Audit staff will remain independent of the business and they shall report to the Head of Internal Audit who, in turn, shall report functionally to the Audit Committee and administratively to the Chief Executive Officer.

Internal Audit staff shall have no direct operational responsibility or authority over any of the activities they review.  Therefore, they shall not develop nor install systems or procedures, prepare records or engage in any other activity which they would normally audit.  Internal Audit staff with real or perceived conflicts of interest must inform the Head of Internal Audit, then the Audit Committee, as soon as these issues become apparent so that appropriate safeguards can be put in place.

Professional competence and due care

The Internal Audit function will perform its duties with professional competence and due care.  Internal Audit will adhere to the Definition of Internal Auditing, Code of Ethics and the Standards for the Professional Practice of Internal Auditing that are published by the Institute of Internal Auditors.

Internal Audit will also adhere to the recommendations from the Committee on Internal Audit Guidance for Financial Services (Effective Internal Audit in the Financial Services Sector) published in September 2017.

Reporting and monitoring

At the end of each audit, the Head of Internal Audit or designee will prepare a written report and distribute it as appropriate.  The 2nd line of defence will be responsible for appropriate follow-up of audit findings and recommendations but will be supported by Internal Audit where required.  All significant findings will remain in an open issues file until cleared by the Head of Internal Audit or the Audit Committee.

The Audit Committee will be updated regularly on the work of Internal Audit through periodic and annual reports.  The Head of Internal Audit shall prepare reports of audit activities with significant findings along with any relevant recommendations and provide periodic information on the status of the annual audit plan.

Periodically, the Head of Internal Audit will meet with the Chair of the Audit Committee in private to discuss internal audit matters.