Internal Audit Policies and Rules
Mission Statement
The Mission of the Internal Audit Unit of FFA Private Bank Dubai (“FFA PBD” or “the Firm”) is to assist the Governing
Body and Senior Management in the effective discharge of their duties and responsibilities. To this end, the Internal
Audit Unit will provide independent assurance to the Chairman, the Governing Body, and the Audit Committee that all
significant and material corporate governance matters, and business risks are being appropriately controlled through
furnishing them with observations and recommendations, counsel and information.
Objectives
The objectives of the Internal Audit Unit are:
- To provide independent advice to the Governing Body and Audit Committee on all aspects of corporate governance
across FFA PBD and independent assurance on the compliance with the DFSA rules and regulations and the Firm’s
corporate governance guidelines;
- To provide independent assurance to the Governing Body and the Audit Committee by performing and issuing
internal audit reports covering the adequacy and appropriateness of FFA PBD policies, procedures, systems and
controls as required under DFSA GEN Rulebook Sections 5.3 and 5.5, in managing operational, compliance,
financial, and strategic risks;
- To provide independent assurance to the Governing Body and the Audit Committee by
performing and issuing internal audit reports on compliance with the DFSA and DIFC requirements.
- To assist managers and senior management in carrying out their internal control responsibilities, including
risks, policies, procedures and compliance.
- To identify and reduce any unnecessary risk exposure across FFA PBD by assuring control mechanisms are
appropriate for levels of risk, in line with DFSA’s expectations for prudent risk management under the Risk
Management and Systems & Controls Module (SYSC);
- To provide advice to benchmark the effectiveness and efficiency of control processes.
- To share effective and efficient risk management and control processes within FFA PBD.
These objectives reflect the definition of an Internal Audit Unit in the Standards of the Institute of Internal
Auditors:
“Independent, objective assurance and consulting services designed to add value and improve FFA PBD’s operations. It
will help FFA PBD accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance
process.”
Scope of Work
As per the service level agreement signed on 04 October 2006 between the Firm and I&C Bank Sal, executed in
compliance with the DFSA General Rulebook - Outsourcing 5.2.21 and 5.3.22, which constitutes the understanding between
the parties relating to the outsourcing of services by the Firm to I&C Bank Sal and states the Internal Audit Function
as one of those outsourced services, the scope of the Internal Audit Unit encompasses the examination and evaluation of
the adequacy and effectiveness of the Firm's system of internal controls and the quality of performance in carrying out
assigned responsibilities through the Firm’s internal functions (AML & Compliance Department, Client Relations
Department, Private Wealth Management Department, HR and Administration Department, Capital Markets, IT Department,
Accounting Department), and the outsourced services to I&C Bank Sal detailed as follows:
- Operations and Settlement,
- Risk Management and Control,
- Accounting Support,
- IT Services Support,
- Finance and Treasury,
- HR Support,
- Legal Counsel and Support
- Asset Management and Advisory Services Support
- Client Service Support
Internal audit reviews of high to medium-risk outsourced functions are conducted on an annual basis,
while low-risk functions are assessed at least once every two years, as determined through the risk-based internal
audit planning process.
The Internal Audit Unit shall determine whether FFA PBD networks of risk management, control, and governance processes,
as designed and represented by management, are adequate and functioning in a manner to acknowledge that:
- Risks are appropriately identified and quantified, and their impact is assessed
- Risk management systems and procedures are reliable and integral.
- FFA PBD is complying with risk policies in reviewing and assessing credit, market, and operational risks.
- Appropriate policies and procedures have been developed to manage the identified risks
- FFA PBD and the client’s assets are safeguarded.
- Proper due diligence is conducted on Third Party Agents.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Activities comply with policies, standards, procedures, and applicable regulations.
- Resources are acquired economically, used efficiently and protected adequately;
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in control process; and
- Significant legislative or regulatory issues are recognized and addressed appropriately.
- Opportunities for improving operations, management control system, may be identified during audit assignments.
They will be communicated to the appropriate level of management.
In addition, the Internal Audit Unit conducts specific reviews as required by the DFSA. These include assessments that
ensure the Firm continues to operate in line with relevant regulatory expectations, focusing on key control areas
identified through DFSA-issued guidance, regulatory updates, and risk alerts.
Authority
For its work, the Internal Audit Unit has unrestricted access to all the records, personnel, property, and operations.
The Head of Internal Audit (“HIA”) and the staff of the Internal Audit Department have the authority to obtain the
necessary assistance of personnel in units where they perform audits, as well as other specialized services from within
or outside FFA PBD.
The HIA reports administratively to the Chairman and the SEO and functionally to the Audit Committee of the Board of
Directors.
The Head of Internal Audit is required to report to the Audit Committee, copying the Chairman and Senior Management, any
matters that may be identified during the audit work and that involves either fraud or significant breaches of laws and
regulations.
The Head of Internal Audit reviews the Internal Audit Charter including the authority, scope of work, and resources of
the Internal Audit Unit, annually to confirm these remain appropriate. Changes to the Internal Audit Charter are to be
approved by the Audit Committee and the Governing Body.
The Internal Audit Unit is not authorized to:
- Perform any operational duties.
- Initiate or approve accounting transactions external to the Internal Audit Unit.
- Direct the activities of any employee not employed by the Internal Audit Unit, except to the extent such
employees have been appropriately assigned to auditing teams or otherwise to assist the internal auditor.
Reporting
The Audit Committee and the Governing Body shall approve the detailed annual audit plan developed by the Internal Audit
Unit. The audit universe shall be identified and completely covered as per the risk assessment results or as per the
best practices, once every two years.
The Head of Internal Audit (HIA) will present Internal Audit reports to the Audit Committee on a quarterly basis, with
copies circulated to the Chairman and Senior Management of the Firm via email, in addition to formal discussions during
Internal Audit Committee meetings. These reports will be incorporated into the Audit Committee’s quarterly reporting to
the Board of Directors (BOD).
An executive summary of all internal audit reports will be shared with the Chairman, members of the Audit Committee,
Senior Management, and the Governing Body at year-end, and formally presented to the BOD twice per year, ensuring
ongoing oversight and governance transparency.
Accountability
The Head of Internal Audit in the discharge of her/his duties shall be accountable to FFA PBD’s Governing Body and
Audit Committee to:
- Provide an assessment on the effectiveness and adequacy of FFA PBD policies, procedures, systems and controls
annually, and the extent of its compliance.
- Prepare an annual audit plan that is based on an assessment of the risks and challenges facing FFA PBD and that
considers the effectiveness of FFA PBD’s processes to manage the identified risks;
- Execute the annual audit plan approved by the Audit Committee, and for each area reviewed, issue an internal
audit report detailing the significant issues related to the processes reviewed for controlling the activities
of FFA PBD, including potential improvements to those processes and to issues;
- Periodically provide information on the status and results of the annual audit plan.
- Report on the status of the implementation of agreed actions in internal audit reports by performing follow-up
and by issuing follow-up reports, highlighting significant outstanding issues previously reported.
- Provide oversight of other control and monitoring functions.
Responsibility
The Internal Audit Unit has the responsibility to:
- Develop a flexible risk-based annual audit plan, covering the whole system of internal controls, through
discussion with senior management and considering FFA PBD’s risks, major projects, significant areas of change,
and specific management requests, and submit that plan for review and approval by the Audit Committee, then
implement the risk-based annual audit plan. If, in the opinion of the HIA, changes are required to the approved
annual audit plan to address changes in risks / new risks, a summary of such changes together with the
justification shall be channeled through the HIA and then presented to the Audit Committee and the Governing
Body;
- Ensure that the Internal Audit function operates in accordance with the International Standards for the
Professional Practice of Internal Auditing and the Code of Ethics issued by the Institute of Internal Auditors
(IIA), and aligns with relevant DFSA and DIFC regulatory requirements, including but not limited to GEN 5.5.1,
which mandates an appropriately resourced and independent Internal Audit function with direct access to the
Governing Body.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional
certifications or outsource the skills and capabilities needed to meet the requirements of this charter;
- Issue a formal report at the end of each assignment after full discussion with the Senior Management of the area
audited, together with agreed management action plans and an executive summary. The report will be issued to the
Audit Committee and copied to the Chairman and the SEO;
- Follow up audit findings to ensure that weaknesses identified in internal controls have been effectively
addressed;
- Issue periodic follow-up reports to the Audit Committee summarizing the action taken regarding reported matters
and the current risk assessment.
- An Executive Summary of all such reports should be presented to the Audit Committee at year-end, and such
reports to be included in the Audit Committee reports at year-end to the Governing Body;
- Seek feedback from the auditees at the end of each major assignment to facilitate continuous quality improvement;
- Assist in the investigation of significant suspected fraudulent activities within FFA PBD as requested by the
Governing Body and/or Audit Committee and report the results to the Audit Committee and the Governing Body;
- Liaise and coordinate with other third parties to prevent duplication of work and determine the extent of
reliance on their work;
- Educate and assist auditees in identifying business risks and mitigating them through a system of effective
internal controls.
- Perform any special audit assignments and assist other departments within FFA PBD as requested by the Chairman
and/or the Audit Committee and/or the Governing Body.
- Conduct special reviews as requested by Senior Management or the Governing Body, or the Audit Committee.
- Review the internal control procedures of FFA PBD and determine their effectiveness and whether these measures
are in FFA PBD’s interest.
- Prepare reports, at least semi-annually, about the work performed by the IAU and the recommendations thereon,
and submit these reports to the Audit Committee, allowing the external auditors the right to overview such
reports that will be included in the Audit Committee’s reports to the Governing Body.
- Review and ensure the effectiveness of the following implemented internal procedures:
  - System for supervision of operations and internal procedures according to the approved operation manual.
  - System for information processing, a system for security.
  - System for measurement of risks and expected results.
  - System for risk management and control.
  - System for documentation and information.
  - System for valuation of assets.
- Review the effectiveness of the methods adopted by FFA PBD Risk Management Department in the identification and
management of Risks.
- Assess the effectiveness of the AML & Compliance Department’s oversight framework, ensuring adherence to DFSA
and DIFC regulatory requirements.
- The Internal Audit Unit has responsibility for the safekeeping and confidentiality of all information provided
by the Firm.
The Internal Audit Unit performs a review and support activity, which does not relieve the Senior Management of its
responsibility for identifying, evaluating, and managing risk. The Internal Audit Unit may make recommendations for the
improvement of internal controls. However, it is the management’s decision and responsibility to implement these
recommendations or other actions it deems to be more cost-effective and appropriate. The Internal Audit Unit will,
however, continue to report risks that have been identified and that, in its opinion, are not satisfactorily addressed.
Independence and Objectivity
The Internal Audit function shall remain independent, both in appearance and substance, from all areas it audits. Internal auditors shall not undertake operational duties or responsibilities outside of the Internal Audit function. The personnel of the Internal Audit Unit report to the Head of Internal Audit, who reports administratively to the Chairman and functionally to the Audit Committee of the Board of Directors.
Internal auditors shall continually strive to be objective in performing their responsibilities.
Standards of Audit Practice
The Internal Audit Unit shall operate in compliance with the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (IIA), and in alignment with DFSA regulations on Internal Audit requirements.