To transform audit department into a modern, efficient, proactive and I.T. oriented department, fully capable to conduct independent audit of all Bank’s activities, aiming to add value, improve operational efficiency, risk management and internal control system in line with international best practices for accomplishment of Bank’s mission.

To transform audit department into a modern, efficient, proactive and I.T. oriented department, fully capable to conduct independent audit of all Bank’s activities, aiming to add value, improve operational efficiency, risk management and internal control system in line with international best practices for accomplishment of Bank’s mission.The Internal Audit Department was established for the purpose of providing management and the Audit Committee of the State Bank of Pakistan Banking Services Corporation with reasonable assurance that the management control systems throughout the SBPBSC (Bank) are adequate and operating effectively. Internal Audit provides an independent and objective appraisal of activity for management and assuring them that risks are held at bay. To this end the Internal Audit provides the management with analysis, recommendations, counsel, and information concerning the activities reviewed. To accomplish its threefold mission of Banking, Currency Management and Customer Service, the Bank must maintain the confidence of its Stake Holders, Executives, Staff, Public and SBP. Confidence in the institution is paramount if the Bank is going to achieve its stated objectives. The Internal Audit Department provides valuable support in maintaining the public's confidence by performing independent and objective reviews and reporting to the Audit Committee and Managing Director on their findings so that corrective actions or enhancements can be initiated. The Internal Audit Department has 17 Audit Units across the SBPBSC. Out of these 17 Internal Audit Units, 16 Units exist at 16 Offices of SBP BSC and One Unit exists at Head Office, Karachi for on going auditing the various offices / departments. The Internal Audit Department assists operating management in achieving Banks financial and operating goals by evaluating controls to ensure systems function adequately, by identifying weaknesses, and by providing recommendations. Through complete and unrestricted access to records, property, and personnel, Internal Audit provides the Bank with an additional resource in meeting these goals. With the support of Bank management and the Audit Committee, the Internal Audit Department provides the highest quality of auditing services, thus enhancing control at the Bank.

The Internal Audit Department reports to the Office of the Managing Director and the Audit Committee of the Board of Directors. This reporting structure allows the Internal Audit Department to remain independent and report all items of significance to the Managing Director and the Audit Committee. The Director of Internal Audit attends all Audit Committee meetings and brings appropriate matters to the Committee's attention.

Internal Controls can be categorized as either accounting controls or administrative controls. Accounting controls are designed to safeguard Bank assets and ensure the accuracy of financial records. Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to Bank policies and procedures. Bank management is responsible for designing and maintaining an adequate system of internal control. Internal Audit independently reviews and evaluates the adequacy of the system of internal controls and makes recommendations to management to improve these controls based on system testing and control analysis.

Types of Audits Performed The Internal Audit Department is expected to perform the following wide range of audit services including financial audits, compliance audits, operational audits, information technology audits, and consulting services. Currently compliance audit is being done however very soon all segments of audit will start operating.

• Financial Audits address questions regarding accounting and the propriety of financial transactions.
• Compliance Audits determine the degree of adherence to laws, regulations, policies, and procedures.
• Operational Audits review operating information and procedures to determine if any modifications of the operations could result in greater efficiency and effectiveness.
• Information Technology Audits evaluate system processing controls, data security, physical security, systems development procedures, contingency planning, and systems requirements.
• Management Audit reviews an independent and objective of management capability. It is used when institution is planning for change and to evaluate executives’ skills and potential.
• Consulting Services encompass a wide range of services, which allow the Bank community to utilize the Department's financial and information technology expertise to address a known problem or need.
  

When an audit is scheduled, an announcement letter is sent to the responsible parties. An entrance meeting is scheduled to discuss the objectives and scope of the audit. At the entrance meeting, any concerns or questions about the audit process are discussed. A typical audit is comprised of three stages: planning, fieldwork and reporting. The audit team will collect data and document the procedures, controls and/or activities being reviewed. Based on our risk assessment, the audit team will perform various types of tests and conclude on the adequacy of the control system. During the audit and at the conclusion of the fieldwork, the audit team will discuss with the appropriate staff of an area being audited any findings and recommendations noted during the audit process. A formal exit conference is held to discuss the audit findings and recommendations with the Chief Manager/ Departmental Head of the area being audited. Next the audit team will issue a draft report summarizing the findings and recommendations. The draft report has limited distribution, and the management of the audited department is provided approximately one week to draft written management responses as to how they plan to address the recommendations. The management responses are incorporated into the draft report along with any agreed upon changes, thus becoming a final report. The final report is distributed to the appropriate Bank management. All audit information is treated as confidential and is reported only to those within the Bank who need to know.

The Internal Audit Department tries to regularly participate in professional development programs to maintain and enhance their professional skills. Certified members of the staff complete the required continuing professional education each year to maintain their professional licenses. To find out more about audit, please contact any of the following. All other mail should be sent to the Director of Internal Audit

SBPBSC Audit Charter