shariah audit - bank islam's · pdf filestrictly private & confidential page 1...
TRANSCRIPT
Strictly Private & Confidential
Page 1
SHARIAH AUDIT - Bank Islam's Practice
Aligning Shariah Audit to IPPF and COSO ERM
30 April 2013
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Process & Methodology
4) • Shariah Audit Scope & Coverage
5) • Major Challenge in Shariah Audit
6) • Major Issues in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 2 Shariah Audit Unit, Internal Audit Division
AGENDA
SHARIAH AS OVERARCHING PRINCIPLE IN BANK ISLAM
SHARIAH SUPERVISORY COUNCIL (SSC) (Oversight accountability on Shariah
matters)
BOARD OF DIRECTORS
(Overall oversight on Shariah governance structure & Shariah
compliance) BOARD RISK COMMITTEE
AUDIT & EXAMINATION
COMMITTEE (AEC)
MANAGEMENT • Ensure execution of business & operations are in accordance with
Shariah principles. • Provide necessary resources, infrastructure, enablers to the SSC.
Shariah Risk Management Control Function: Identify, measure, monitor, report & control Shariah non-compliance risk
Shariah Review Function: Review business operation on regular basis to ensure Shariah compliance.
Shariah Research Functions: Conduct in-depth Shariah research prior to submission to SSC.
Shariah Audit (SA) Function: Provide independent assessment & objective assurance designed to value add & improve Bank Islam adherence to Shariah
Page 3 Shariah Audit Unit, Internal Audit Division
RISK MGT DIVISION
Shariah Secretariat Functions: Secretary to SSC
Shariah Governance Framework of Bank Islam
Boa
rd L
evel
M
anag
emen
t Le
vel
Exe
cutiv
e Le
vel
Shariah Supervisory
Council
Board of Directors
Board Risk Committee
MRCC
ORCC*
Shariah Div (Shariah
Rev/ Research/
Secretariat)
Audit & Examination Committee
Internal Audit Div (Shariah
audit)
Zakat Committee
Managing Director
Note: SCRM – Shariah Compliance Risk Management MRCC – Management Risk Control Committee ORCC – Operational Risk Control Committee – Administratively – Functionally * w.e.f July 2012. Previously Shariah non compliance risk was over sighted by Shariah Compliance Risk Control Committee.
Shariah Review
Committee
Shariah Audit Unit Page 4 Shariah Audit Unit, Internal Audit Division
Shariah Compliance
Risk
Risk Mgt Div
Shariah Governance Reporting Structure
AGENDA
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Process & Methodology
4) • Shariah Audit Scope & Coverage
5) • Major Challenge in Shariah Audit
6) • Major Issue in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 5 Shariah Audit Unit, Internal Audit Division
Page 7 Shariah Audit Unit, Internal Audit Division
Shariah Audit Roles & Responsibilities
Risk Management Approach Adopted by Bank Islam
1st LINE OF DEFENCE
Risk Owner or Risk Taking Units i.e. BU/SU
(including Business Heads, BMs, BRO/SRO/
DORC/All Staff)
2nd LINE OF DEFENCE
ORMD and ORCC
3rd LINE OF DEFENCE
Internal Audit Division
Provide INDEPENDENT ASSURANCE to Board of
Directors and Senior Management that Risk
Management Processes and Tools are effectively
implemented.
Responsible for ONGOING OVERSIGHT of risk & control at day
to day work level
ESTABLISH and MAINTAIN ORM Framework,
assessing, monitoring, reporting and controlling
risk on a bank-wide level.
AGENDA
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Methodology & Process
4) • Shariah Audit Scope & Coverage
5) • Major Challenges in Performing Shariah Audit
6) • Major Issue in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 8 Shariah Audit Unit, Internal Audit Division
Page 9 Shariah Audit Unit, Internal Audit Division
Risk Based Shariah Audit Methodology
Mgt of Shariah Risk in
Minimizing Potential
Loss
Criticality of Shariah risk Exposure
Quality/ Adequacy of Controls
& Risk Mitigant In
Place
Shariah Audit Methodology
Page 10 Shariah Audit Unit, Internal Audit Division
Shariah Audit Methodology
• Possible failures to comply with Shariah principles/ requirements or in other words possible incidences of Shariah non-compliance.
Shariah Risk
• Shariah rulings and decisions issued by Shariah Advisory Council of BNM and Shariah committee of the IFI respectively and as determined by other relevant bodies.
Shariah Principles/
Requirements
• Any action taken by the management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
Internal Controls
Page 11 Shariah Audit Unit, Internal Audit Division
Shariah Audit Methodology
The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control Components
Page 13 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Annual Audit
Planning
Audit Assignment
Planning Shariah
Audit Plan
Annual Audit Planning o Will be performed in the last quarter of the financial year end.
o Performs Shariah risk assessment on the Audit Universe (i.e. all audit centers/ clients)
o Develops/ Updates Shariah Risk Profiles & Shariah Audit Program.
o Determine the number of audit assignment to be conducted through out the next 12 months (risk areas against audit resources)
o Table to Audit & Examination Committee (AEC) and Shariah Committee (SC) for approval & endorsement.
Page 14 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
ANNUAL SHARIAH RISK ASSESSMENT
Determine/ Understand the Audit Universe (list of audit centers/ clients)
Identify the Shariah Requirements/ Principles
(Shariah Risk Profiles)
Group the Shariah Risk Profiles into the common Shariah Risk Area.
Prioritize the Audit Center/ Client (Map against the Shariah Risk Area)
Page 15 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Shariah Risk Areas
Aqad Execution
(Touch Point) Product
Structure
Product Development
Product Documentations
Accounting Treatment (i.e.
Income/ Ta’widh/ Ibra’
Marketing Collateral &
Advertisement
Zakat (Computation
/ Payment/ Distribution)
Manual/ Procedures
(Shariah Requirements)
Dress Code
Page 16 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Shariah Audit Reference
• Rulings and decisions of the Shariah Advisory Councils of Central Bank of Malaysia (or BNM) and Securities Commission of Malaysia (or SC);
• Guidelines issued by BNM and SC, e.g. Shariah Parameter; • Other relevant and applicable pronouncement issued by BNM; • Rulings and decisions of the Bank’s Shariah Supervisory Council
(SSC) and Shariah Review Committee (SRC); and • Approved product manuals / standard operating procedures /
internal guidelines pertaining to Shariah Compliance.
Page 17 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Annual Audit
Planning
Audit Assignment
Planning Shariah
Audit Plan
Audit Assignment Planning o Will be performed prior to execution of an individual audit fieldwork/ assignment.
o Reassess the Shariah risk on an audit center to be audited.
o Determine: • Area of risk to be prioritized; • Type resources & expertise required to carry out the audit exercise in the most
efficient and effective way; • Audit Fieldwork Period; • Scope of the Shariah Audit
o Obtain the Audit Authority Letter from Chief Internal Auditor/ Head of Internal Audit.
Page 18 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
PRE-AUDIT SHARIAH RISK ASSESSMENT
Understand the activities/ operational/ IT processes of an audit center/ client
Review & Update the Shariah Risk Profiles
(New Shariah Requirements)
Update the Shariah Audit Program (if necessary)
Page 19 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Audit Program (Sample)
Risk Description
Shariah Requirements Reference Audit Testing
(Comply/ Not Comply)
Risk of Non-Shariah Compliance in Execution of Aqad/ Contract
(Trade Finance – Bank Guarantee)
The issuance of Bank Guarantee (BG) is subject to the following: Acquisition of Shariah compliant assets. Asset to be acquired for Shariah compliant activities. Guarantee the performance of Shariah compliant activities/ transactions.
Bank Guarantee-i Secured 1:1 Against Cash Deposit Program Manual V5/2011, page 12 & 13.
Kafalah Aqad must be properly executed by the Bank and customer.
Kafalah Contract Guideline (Shariah/ SD9/ V2/2012) approved by SRC on 10MAY12.
Page 21 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Executed on a “Stand- Alone”
basis Jointly executed with Operations, Credits,
Head Office & Subsidiary Audit
Audit Execution (Fieldwork)
Page 22 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Audit Tools/ Techniques
Examine Documents
Interview
Observation
Questionnaires
Walkthrough
Data Mining
Page 24 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Objectives of Shariah Audit Report
• Report the Shariah non-compliance or potential Shariah non-compliance events/ activities/ transactions.
• Highlight the causal factor that lead to the Shariah non-compliance
• Asses the degree of risk & impact to the Bank as a whole. • Recommend corrective actions & improvements. • Suggest the timelines for rectifications. • Conclude the state of internal control system & risk management
process.
Page 25 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
Shariah Audit Report
Table to Audit & Examination Committee
Extend to Shariah Committee (or Sub Committee) through Head, Shariah
Division for deliberation & further action
Extend to Head of respective audit center for further action
Page 27 Shariah Audit Unit, Internal Audit Division
Shariah Audit Process
FOLLOW-UP OF SHARIAH AUDIT ISSUES
Shariah Compliance Risk Management (Track the Rectification Efforts using the Shariah Non-
Compliance (SNC) Tracking Report)
Shariah Committee (or Sub Committee) and Operational Risk Control Committee
(Oversee the Rectification Efforts)
Shariah Audit (Follow-up will be conducted on monthly basis and
the rectification status will presented to Audit Committee)
AGENDA
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Process & Methodology
4) • Shariah Audit Scope & Coverage
5) • Major Challenge in Shariah Audit
6) • Major Issues in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 28 Shariah Audit Unit, Internal Audit Division
Page 29 Shariah Audit Unit, Internal Audit Division
Shariah Audit Scopes
1. To assess the effectiveness of the Shariah oversight function & reporting structure.
2. To ascertain the degree of compliance with Shariah principles/ requirements.
3. To ascertain , review & test the system of internal controls of the Bank’s activities & operations.
4. To ensure the effectiveness of process and mechanism/ tools in managing Shariah risk.
5. To ensure the workflow procedures make the most efficient use of resources.
6. To ensure the promptness on addressing any identified Shariah non-compliant activities / events/ transactions
Page 30 Shariah Audit Unit, Internal Audit Division
Shariah Audit Coverage
Shariah Audit’s
Business Partner
Bank Islam’s Head Office Functions & Branches
Bank Islam’s Wholly Owned
Subsidiaries
BIMB Holdings &
Subsidiaries (except for
Takaful business)
Page 31 Shariah Audit Unit, Internal Audit Division
Shariah Audit Coverage
Shariah Audit
Management of Shariah Risk/
Shariah Governance
Shariah Compliance
Testing
Functions related to Shariah risk management e.g. o Shariah Secretariat. o Shariah Research. o Shariah Review. o Shariah Risk Mgt. o Shariah Compliance Review. o Product Development. o Organization & Methods. o Human Resource.
Shariah concerns related to activities & operations of the Bank e.g. o Mgt of the product life cycle. o Product structure of deposit,
financing, investment, services.
o Transactional banking processes e.g. Trade Finance, Treasury, Financing & etc.
o Sales & marketing activities o Accounting treatment &
system.
AGENDA
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Process & Methodology
4) • Shariah Audit Scope & Coverage
5) • Major Challenge in Shariah Audit
6) • Major Issues in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 32 Shariah Audit Unit, Internal Audit Division
Page 33 Shariah Audit Unit, Internal Audit Division
Major Challenge in Shariah Audit
Shariah Audit Resources (Quantity & Quality)
• What is the ideal number of Shariah Auditors for an Islamic Financial Institution (IFI)?
• Depends on the competency level of Shariah Auditors and the size of an IFI.
Page 34 Shariah Audit Unit, Internal Audit Division
Major Challenge in Shariah Audit
Competency (Adequate
Knowledge/ Skills)
Islamic Banking
Operations (Products/ Processes/
System)
Shariah (Fiqh Muamalat)
Auditing Techniques &
Practices Accounting Principles
Commercial/ Company
Laws
Risk Management
AGENDA
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Process & Methodology
4) • Shariah Audit Scope & Coverage
5) • Major Challenge in Shariah Audit
6) • Major Issues in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 35 Shariah Audit Unit, Internal Audit Division
Page 36 Shariah Audit Unit, Internal Audit Division
Major Issues in Managing Shariah Risk
Major Issues in Managing Shariah
Risk
Absence/ Incomprehensive “Shariah Risk
Profiles”
Absence/ Incomprehensive Tools for Risk
Detection/ Management
Performance of Shariah
Committee Members
Poor Dissemination of Shariah Rulings/
Decision
Inadequate Staff
Knowledge on Shariah
Requirements
Ineffective Shariah Review
Function
Shariah Risk Mgt Function
not Independent
Wrong Advice by Shariah Advisory Function
AGENDA
1) • Shariah Governance Structure
2) • Shariah Audit’s Roles & Responsibilities
3) • Shariah Audit Process & Methodology
4) • Shariah Audit Scope & Coverage
5) • Major Challenge in Shariah Audit
6) • Major Issues in Managing Shariah Risk
7) • Bank Negara Malaysia’s Minimum Expectation on Shariah Audit
Page 37 Shariah Audit Unit, Internal Audit Division
Page 38
SHARIAH GOVERNANCE FRAMEWORK’S REQUIREMENTS
1. Direct reporting to AEC and dotted line to SSC.
2. To provide an independent assessment & objective assurance.
3. Shariah auditor must have adequate Shariah-related knowledge & training.
4. Group Shariah audit must be augmented in line with its responsibility.
5. Shariah audit may be conducted:- i. As part of the IFI’s audit on specialized areas; or ii. According to the risk level; iii. Materiality of the impact of Shariah non-compliance.
6. AEC upon consultation with SSC shall determine the deliverable of Shariah audit function.
7. Deliverables shall be consistent with accepted auditing standards.
Shariah Audit Unit, Internal Audit Division
Bank Negara Malaysia’s Minimum Expectation
Page 39
SHARIAH GOVERNANCE FRAMEWORK’S REQUIREMENTS
8. Scope of SA shall cover all aspects of the business operations and activities:- i. Financial statements (FS); ii. Org structure, people, process & IT application syst. (ITAS); iii. Review on adequacy of the Shariah governance process.
9. Process of SA shall be designed to enable the IFI to assess the implementation of sound and effective internal control system for Shariah compliance:- i. Understand the business activities; ii. Develop comprehensive Audit Program/ Plan; iii. Making reference to relevant sources; iv. Conduct audit on periodical basis; v. Communicate audit report to AEC and SC; vi. Provide recommendation on rectification; vii. Following-up on the implementation.
10. IFI may outsource the SA function & audit cost shall be borne by the IFI.
Shariah Audit Unit, Internal Audit Division
Bank Negara Malaysia’s Minimum Expectation