Recommended Internal Audit Testing Procedures


Introduction and Use

1.1. Objective

The purpose of this document is to provide The Banking Association South Africa (BASA) member banks with recommended RDARR Internal Audit Testing Procedures. The recommended RDARR Internal Audit Testing Procedures have been formulated in response to the South African Reserve Bank’s (SARB) Directive 5 of 2016 relating to Basel’s principles for effective risk data aggregation and risk reporting (the Principles).
The Directive requires the following:
“2.1 Based on the aforesaid and in accordance with the provisions of section 6(6) of the Banks Act, 1990, banks' internal auditors, or, at the discretion of the bank, a combination of the bank's internal and external auditors, are hereby directed to conduct a granular verification and validation of the evidence related to the extent of the bank's compliance with the Principles and their related requirements.
2.2 D-SIBs are required to furnish the Registrar with the related report on or before 30 September 2017.”

1.2. Use

1.2.1. Criteria to assess compliance with the Principles and their related requirements

To assess the extent of the bank's compliance with the Principles and their related requirements, the definitions provided by SARB in the “Banks’ stock-taking questionnaire” should be used. The level of compliance with each Principle and the underlying requirements will be understood to reflect the following assessments (1 to 4 scale):
4 The Principle/requirement is fully complied with, that is, the objective of the Principle/requirement is fully achieved with the existing architecture and processes.
3 The Principle/requirement is largely complied with, that is, only minor actions are needed in order to fully comply with the Principle/requirement.
2 The Principle/requirement is materially non-compliant, that is, significant actions are needed in order to progress further or achieve full compliance with the Principle/requirement.
1 The Principle has not been implemented.

1.2.2. Application of the recommended RDARR Internal Audit Testing Procedures

There are no requirements or regulatory expectations that the BASA member banks adopt the RDARR Internal Audit Testing Procedures. The recommended testing procedures have been formulated to provide Internal Audit functions with recommended guidelines to follow when assessing their bank’s level of compliance with the Principles.
It remains the Chief Internal Audit Executive’s:

  • Responsibility to execute the SARB Directive 5 of 2016 and remains
    accountable to SARB for its audit scope, audit coverage and audit assessment.
  • Prerogative to adopt the RDARR Internal Audit Testing Procedures.
  • Responsibility to agree the use of the RDARR Internal Audit Testing Procedures with senior management.
  • Responsibility to confirm the appropriateness, comprehensiveness and completeness of the RDARR Internal Audit Testing Procedures in proportion to the bank’s size, nature and complexity of the banks’ operations, if adopted.
  • Adapt the naming conventions and concepts described in the RDARR Internal Audit Testing Procedures to the terminology used in the bank, if adopted.

1.2.3. Concepts Used

  • The naming conventions, terminology and concepts described in the recommended RDARR Internal Audit Testing Procedures are of a general nature and should be tailored to each bank’s requirements. Examples of these include:

    o Policy – This term refers to a Framework, Policy, Standard or a policy statement.
    o Limitations register – This term refers to a method employed by the bank to log, track and remediate limitations that prevent full risk data aggregation.

  • Materiality - The concept of materiality should be applied in the testing procedures. Materiality should mean that data and reports can exceptionally exclude information only if it does not affect the decision-making process in a bank (i.e. decision-makers, in particular the board and senior management, would have been influenced by the omitted information or made a different judgment if the correct information had been known).
  • The RDARR Internal Audit Testing Procedures must be read in conjunction with the BCBS 239 document (Principles for effective risk data aggregation and risk reporting).
  • The RDARR Internal Audit Testing Procedures must be read within the scope
    of the BCBS 239 document.

Read the full Recommended South African Banks Internal Audit Standards here.

© The Banking Association South Africa 2017