MALTA DEVELOPMENT BANK Internal Audit Services

Transcription

1 MALTA DEVELOPMENT BANK Internal Audit Services

2 1. INTRODUCTION 1.1. The Malta Development Bank ( the Bank ) was established on 24 November 2017 when the Malta Development Bank Act, 2017 came into force (Act No XXI of 2017 CAP 574). It commenced operations on 11 December 2017 when the Board of Directors was appointed and held its first meeting. The MDB is fully owned by the Government of Malta The role of the Bank is to complement commercial banks and other institutions so as to address market failures and to bridge any financial gaps in bankable investments. In particular, the aim of the Bank is to provide credit enhancement facilities to commercial banks, thereby encouraging such intermediaries to expand the size and range of loans to clients, especially for SMEs and infrastructural projects The Bank invites auditors with experience in audit of banking sector clients to express their interest for the provision of internal audit services in relation to the Bank s operations The audits will be conducted in accordance with internationally recognised standards on internal auditing and in accordance with the requirements of the Malta Development Bank Act The selected internal auditor will not carry out other services that conflict with its internal audit function. 2. SCOPE 2.1. The Internal Audit function should be an independent and objective assurance and consulting activity guided by a philosophy of adding value to improve the operations and governance of the Bank. It shall assist in accomplishing the Bank s objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organisation s risk management, control and governance processes and assist in the enhancement of internal controls The scope of internal auditing to be carried out during the term of the engagement encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the organisation s governance, conduct of business, risk management and internal process as well as the quality of performance in carrying out assigned responsibilities to achieve the organisation s stated goals and objectives. This includes: a. Evaluating the reliability and integrity of information and the means used to identify, measure, classify and report such information.

3 b. Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws and regulations which could have a significant impact on the organisation. c. Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets. d. Evaluating the effectiveness and efficiency with which resources are employed. e. Evaluating operations or programmes to ascertain whether results are consistent with established strategic objectives and goals and whether the operations or programmes are being carried out as planned. f. Monitoring and evaluating governance processes; g. Monitoring and evaluating the effectiveness of the organisation s risk management processes; h. Evaluating present controls; i. Evaluating the financial management of the Bank; j. Monitoring and evaluating the compliance processes; k. Evaluating the adequacy of accounting systems and accounting policies; l. Evaluating the budgeting system and related procedures; m. Evaluating the adequacy of the reporting by the recipients and beneficiaries of the Bank s facilities on the use of funds provided to them for projects, operations and financial instruments; n. Assessing the appropriateness of rules and procedures for procurement; o. Evaluating the appropriateness of rules and procedures applied for the use of financial instruments; p. Assessing the measures taken by the Bank that ensure that its financial intermediaries implement procedures and systems in accordance with applicable agreements; q. Reporting periodically on the internal audit activity s purpose, authority, responsibility and performance relative to its plan;

4 r. Reporting significant risk exposures and control issues, including but not limited to fraud risks, governance issues and other matters needed or requested by the Audit Committee or Board of Directors; s. Performing services related to enhancing the governance, risk, management and control of the Bank and providing recommendations as necessary At the request of the Audit Committee, the Board of Directors or the Supervisory Board of the Bank, the Internal Auditor shall carry out special ad hoc assignments, investigations or risk assessments in accordance with paragraph 38(3)(b) of the Malta Development Bank Act The Internal Auditor s assignments shall at all times be subject to the examination and recommendations of the Supervisory Board in accordance with Schedule 2 paragraph 3(3)(f) and to the examination of the National Audit Office in accordance with paragraph 35(2) of the Malta Development Bank Act. 3. INTERNAL AUDIT PLAN 3.1. At least annually, the Internal Auditor will submit to the Audit Committee or the Board of Directors an internal audit plan for review and approval. The internal audit plan will consist of a work schedule of business areas of importance according to the needs of the Bank and in accordance with the requirements of the Malta Development Bank Act The internal audit plan will be developed based on a prioritisation of the audit universe using a risk-based methodology, including input of senior management, the Audit Committee or the Board of Directors. Any significant deviation from the approved internal audit plan will be communicated to senior management and the Audit Committee through periodic activity reports The first assignment shall cover the overall governance environment together with a general controls review of the Bank. Subsequent assignments shall cover specific processes and business areas based on the internal audit plan. 4. REPORTING AND MONITORING 4.1. A written report will be prepared and issued by the Internal Auditor in a timely manner following the conclusion of each internal audit engagement and will be distributed as appropriate for the attention and feedback of the respective function. Internal audit results will also be communicated to the Board of Directors through the Audit Committee.

5 4.2. The internal audit report will include management s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management s response, whether included within the original audit report or provided thereafter (within 30 days) by management of the audited area should include a timetable for anticipated completion of action to be taken in respect of the audit findings. Any other explanations and justifications provided by management will be included in the management s response The internal audit activity will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared Data, information and deliverables shall be dealt with in strict confidence. Distribution to third parties shall be prohibited in accordance with the requirements of the Professional Secrecy Act The internal audit reports will be accessible the external auditors, the Supervisory Board and other competent authorities as needed. 5. ENGAGEMENT AND TIME SCHEDULE 5.1. The Internal Auditor will be expected to assign a partner and/or qualified director who will take responsibility for the management, conduct and timely completion of the internal audit engagements Once the Bank notifies the auditor of the acceptance of the audit services, the successful auditor is expected to give an Engagement Letter immediately before commencment, indicating the details of the services being provided in accordance with the requirements set out in this document. The provisions outlined herewith are to form an integral part of the Engagement Letter In addition to the first assignment referred to in paragraph 3.3, the Internal Auditor shall also perform at least two (2) internal audit engagements per annum The appointment shall be for a period of three (3) years, commencing in the year The appointment may be renewed annually thereafter subject to an overall period not exceeding five (5) years. The reappointment shall be at the sole discretion of the Board of Directors The appointed auditor will be expected to maintain a reliable line of communication with the Bank.

6 6. EXPRESSION OF INTEREST 6.1. The expression of interest documentation to be submitted by auditors is to include: a. A corporate profile of the firm/auditor, including: i. Services offered; ii. Experience in the area iii. Credentials for undertaking the exercise; iv. List of public sector internal audit clients v. List of financial institutions internal audit clients; vi. Outline organigram; vii. Number of persons employed b. A complete and comprehensive proposal detailing the methodology and standards that will be used for this assignment, indicating projected hours and number of personnel that will be allocated to the assignments. c. Brief profiles of the senior personnel that will work on these audits including qualifications and professional experience of each individual. d. A financial proposal in Euro (inclusive of VAT and all other applicable taxes) to cover all the requirements of this assignment shall be submitted, including the average billable hours per assignment and the charge out rates per grade of auditors working on the assignment. e. Submissions are to be made strictly in accordance with this document. Any additional material, brochures or promotional material may be submitted together with the information requested therein. f. All information requested in this document must be provided. If any section is not deemed to be applicable the interested party shall indicate it accordingly, without prejudice to the right of the Bank to disqualify any persons that do not provide the required information. g. The proposal submitted is to be signed by the authorised signatory of the respective firm.

7 7. DEADLINE FOR SUBMISSION OF EXPRESSION OF INTEREST 7.1. The proposal must be drawn up in English and submitted by not later than four (4) weeks after the date of this document. The Bank may invite auditors to supplement or clarify the documents they submit Auditors are to submit two (2) copies of their proposal which will be sealed in an envelope and mailed to Malta Development Bank, Pope Pius V Street, Valletta VLT SELECTION CRITERIA 8.1. Selection will be made in terms of the following evaluation criteria: a. List of banking sector internal audit clients 20% b. Overall proposal presentation addressing MDB s requirements including audit approach, methodology, expertise, time allocation and reputation. 55% c. Overall cost of audit assignments 25% 9. TERMINATION 9.1. Without prejudice to the above, the Bank reserves the right to terminate the assignment without compensation in the event that there is an unjustified delay in the timings provided in the audit plan of more than ten (10) working days or if the successful firm demonstrates a lack of ability to perform these tasks. 10. PAYMENT 10.1 Payment will be effected within thirty (30) days from the issue of an invoice and following the presentation of the final report.

8 11. ADDITIONAL INFORMATION 11.1 The Bank reserves the right to reject any or all proposals, even the most advantageous The Bank undertakes to deal with the information provided in strict confidence. Document date: 17 December 2018