Shariah Audit Function
Introduction
The Shariah audit function plays a crucial role in providing an independent assessment of an Islamic financial institution's (IFI) internal control, risk management systems, governance processes, and overall compliance with Shariah principles. Its independence is derived from direct reporting and unencumbered access to the Board Audit Committee (AC). To effectively fulfill its mandate, the Chief Internal Auditor (CIA) should hold a suitable stature within the IFI. The Shariah audit function should have the authority to initiate assignments across all departments and functions of the IFI, without making management decisions or establishing control procedures. Reporting findings and appraisals internally should not be restricted. The CIA, responsible for the Shariah audit function, should have the authority to communicate directly with the board, chairman of the board, regulators, and external auditors as necessary, following defined rules in the audit charter. The AC should oversee the adequacy of resources and remuneration for internal auditors performing Shariah audit function to maintain independence. Senior management should ensure the IFI has an appropriate Shariah audit function by providing necessary resources and staffing suitable for the institution's size and operations.
Shariah audit methodology
The Shariah audit function is responsible for establishing an audit methodology to assess the risk profile and vulnerabilities of each auditable area within an Islamic financial institution (IFI). This risk assessment should cover all activities, entities, and the entire internal control system of the IFI. The audit methodology should be appropriately documented and regularly updated to reflect changes in the internal control system, work processes, and the inclusion of new activities.
Shariah audit plan
The Shariah audit function is responsible for developing an audit plan based on the risk assessment. This plan should outline the audit objectives, scope, timing, frequency, and resource requirements. When creating the Shariah audit plan, the Shariah audit function should consider expected developments and innovations, the higher risk associated with new activities, and the goal of auditing all significant activities and entities within a reasonable time period (the audit cycle).
The Shariah audit plan must be approved by the Audit Committee (AC) or the board. While not mandatory, it is considered a best practice to also share the Shariah audit plan with the Shariah committee for informational purposes. To ensure consistency, the terms of reference of the Shariah committee may include their involvement in matters related to the Shariah audit.
Shariah audit program
The Shariah audit function is responsible for creating well-documented audit programs that serve as a guide for internal auditors. These programs should outline the information gathering process, auditing procedures, and assessment methods. All audit procedures related to the assignment must be documented in working papers. The working papers should contain enough information to validate the proper execution of the assignment.
领英推荐
Shariah audit reporting
The Shariah audit function is responsible for communicating the results of the audit to the board and Shariah committee through an audit report. This report should include details of the audit findings, recommendations for rectification measures, as well as the auditee's responses and action plans. It is important to issue a written Shariah audit report to the relevant parties in a timely manner after the completion of the audit.
If significant audit findings are discovered that would materially impact the licensed institution's operating and financial condition, they should be promptly reported to the AC and the Chief Executive Officer. Bank Negara Malaysia should also be promptly informed of such findings. The Shariah audit function should monitor the progress of rectification actions, taking into consideration the timeline committed by management. This includes addressing findings raised by regulatory authorities or external auditors. Any exceptions or issues of concern should be escalated to the Shariah committee and AC and even the board if the non-implementation has significant consequences. The Shariah audit function is expected to regularly update the Shariah committee and AC on outstanding Shariah audit and control issues, as well as the status of the implementation of audit recommendations. The Shariah committee, AC and senior management should ensure that these issues and concerns are appropriately and timely addressed.
Senior officer responsible for Shariah audit function and competency requirements
The senior officer primarily accountable for internal audit, known as the Chief Internal Auditor (CIA), is responsible for overseeing the Shariah audit function as part of the overall internal audit function.
The SG policy emphasizes the importance of ensuring that internal auditors who perform the Shariah audit function possess the necessary qualifications and knowledge of Shariah requirements applicable to Islamic financial business.
External shariah audit
The SG policy provides optional requirements for external Shariah audits within Islamic Financial Institutions (IFIs). These requirements serve as guidance rather than standards. It is important to note that both requirements pertain to external audits.
The first requirement allows IFIs to appoint an external Shariah auditor to assess the effectiveness of their Shariah governance implementation. IFIs may choose to include this mandate in their external audit's scope apart from the preparation of financial statements if deemed necessary for the year. Some institutions opt to have their internal audit function perform this audit as part of their overall audit plan.
The second requirement pertains to the possibility of Bank Negara Malaysia (BNM) instructing an IFI to appoint an external Shariah auditor to conduct an audit on Shariah compliance. As with the first requirement, this is a guide and subject to BNM's discretion.