Affin Bank Berhad | Annual Report 2020
4. RESPONSIBILITY

a. Its primary role/responsibility is to assist the GBAC to discharge its duties and responsibilities by independently reviewing and reporting on the adequacy and integrity of the Group’s risk management, internal control, compliance and governance processes, in order to provide reasonable assurance that such frameworks and systems continue to operate efficiently and effectively and in line with the relevant regulatory requirements;

b. The GIA’s processes and activities are governed by the regulatory guidelines as well as the Group’s Code of Ethics and The Institute of International Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing;

c. GIA adopts the 5 components set out in the Internal Control Integrated Framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (COSO), namely control environment, risk assessment, control activities, information and communication, and monitoring activities. COSO is an internationally recognised organisation providing thought leadership and guidance on internal control, enterprise risk management and fraud deterrence;

d. Besides COSO, GIA also incorporates the Control Objectives for Information and Related Technology (COBIT) framework into its Information Technology (IT) audits. COBIT is a framework developed by the Information Systems Audit and Control Association (ISACA) which includes 40 governance and management objectives, organised into five domains. The Framework makes a clear distinction and defines the components required for the governance and management of the IT environment. During the year, GIA had engaged with the ISACA Malaysia Chapter in training a number of its auditors on the COBIT framework and its application in the IT audit process;

e. GIA’s scope of coverage encompassed all key business and operation/support units. Areas audited comprised retail and non-retail credit, distribution channels, back office operations, IT operations and security, treasury related matters, Islamic Banking, subsidiaries, Head Office functions and also special focus areas such as AML/CFT, NSFR, LCR, ICCAP, product transparency, outsourced functions and business continuity;

f. GIA also undertakes investigations into suspected fraudulent activities, staff misconduct, whistleblowing cases and other incidents, as and when required, and recommends appropriate improvements to prevent recurrence and actions against persons responsible;

g. The GIA closely monitored the rectification of audit findings and implementation of the audit recommendations, in order to obtain assurance that all major risk and control concerns have been duly addressed. GIA reports were presented to the management and GBAC;

h. GIA had also worked closely with the external auditors to ensure that significant issues are duly addressed and resolved on a timely basis; and

i. The total GIA’s cost for year 2020 is approximately RM 9.1 million, comprising mainly salaries, staff training and development, information technology cost, other department operating cost, as well as travelling, accommodation expenses and subsistence allowances for audit assignments.

220 GROUP BOARD AUDIT COMMITTEE REPORT