The purpose of this Charter is to explain the objectives, scopes, performing, authority, roles, and responsibilities of internal audit department to the management and employees of National Credit Bureau Co., Ltd. (hereinafter referred to as “the Company”). This Charter has been accepted and approved from the Audit Committee and the Board of Directors according to the resolutions of the meetings dated 23 December 2015 and 21 March 2016, respectively.
1. Objectives of Internal Auditing
To support the Company to have sufficient, appropriate and efficient risk management and internal control. Also, to support the performing of the Audit Committee in achieving the objectives and target assigned by the Board of Directors in order to build reliability and transparency of the business for members, business partners, shareholders, directors, management, employees, public organizations, and any related persons.
2. Scopes of Internal Audit
The internal audit includes the following details.
2.1 Review and assess the sufficiency and efficiency of the Company’s risk management and internal control.
2.2 Review the reliability of financial information, financial statement, account recording, and accounting standards.
2.3 Assess the accuracy reliability and sufficiency of systems including information technology system to have concisely, appropriately, and efficiently internal control.
2.4 Review the sufficiency and appropriation of recording, utilizing, and keeping the Company’s assets and benefits.
2.5 Review the performing to be in accordance to corporate good governance.
2.6 Review and assess the internal control of operational system of the Company to be inline with policies, rules and regulations of the Company as well as principles, laws and regulations of the related public organizations, and quality of performing in the Company.
2.7 Observe, examine, review or investigate overall tasks as assigned by the Board of Directors, the Audit Committee, or Chief Executive Officer in discovering a mistake from performing or any other fraudulent issues.
2.8 Consulting advise or suggestion including performing guidance in order to have concisely and appropriately internal control system.
3. Internal Auditing Standards
The performing of internal audit must be in accordance with the International Standard for the Professional Practice of Internal Auditing of the Institute of Internal Auditors of Thailand.
4. Authority of Internal Audit
4.1 InInternal auditors have rights to examine all assets and activities of the Company including examining manuscripts, accounts and documents related to account recording, corresponding letters, and any reports related to the performing of auditees.
4.2 Internal auditors have rights to ask auditees for the information, documents, and explanation regarding to that auditing case. The management and employees of a department that is audited must cooperate and facilitate the auditing process entirely.
5.1 Internal audit department has independence: internal auditors report directly to the head of internal audit department, and the head of internal audit department reports directly to the Audit Committee.
5.2 The audit activities, scope of auditing, process of auditing, period of auditing, and details of audit reports, must be independent in order to have efficient audit performing, and achieve target as designed in audit planning.
5.3 Internal auditors and the head of internal auditor have no carry out responsibility or contribution in other performing which are not associated to internal audit performing, or activities which probably impair the independence and objectivity of internal auditors.
5.4 Internal auditors must disclose the conflict of interests that may occur from the auditing performing to the head of audit department.
5.5 If the independence is impaired by matters of fact or behaviors, Internal auditors must disclose the impact details to the head of internal audit department as well as report to the Audit Committee.
Chief Executive Officer and every level of the management have duties for supporting the performing of internal audit department to achieve its duties and objectives of auditing; and must not order or perform any activities which will disrupt or impair the independence in the performing of internal auditors. This is for the maximum benefits of the Company.
6. Internal Audit Report
The head of internal audit department proposes audit report and suggestion to the Audit Committee, and a copy of report to Chief Executive Officer.
7. The Line of Command
7.1 Internal Audit Department is directly under the Audit Committee.
7.2 The Audit Committee consider and agree to the appointment or removal of rotation change position or termination the Head of Internal Audit, and propose to the Board of Directors for approval.
7.3 The Audit Committee is to be considered and approved the recruitment and the evaluation of employee’s performance in the Internal Audit Department, which the Head of Internal Audit Department give the opinion. If the Audit Committee has an approval, proposing to CEO for carry out.
8. Roles and Responsibility of Internal Audit Department
8.1 Internal auditors have auditing duty according to the International Standards for the Professional Practice of Internal Auditing.
8.2 Prepare an annual auditing plan and propose to the Audit Committee for approval within the last month of the Company’s fiscal year.
8.3 Examine, assess, and monitor the performing of each department of the Company to be in accordance with policies, rules, commands, and legal regulations.
8.4 Review and report the reliability and integrity of financial information and non-financial information of the Company.
8.5 Examine the internal control system and risk management in every process of each department in order to ensure that the Company has appropriate and concise internal control system; and it is sufficient to manage risk to be in controllable level and comply with the process of corporate good governance.
8.6 Examine information technology system consisting of IT general control auditing and IT Application Control auditing.
8.7 Consulting advise review and suggest the guidance in improving internal control, risk management, and good governance to the management and the audittee.
8.8 Thoroughly report all significant matters of audit finding to the Audit Committee and Chief Executive Officer.
8.9 Monitoring and examine the performing as advised from the auditing of internal audit department, a financial auditor, the Bank of Thailand, regulators, and other related public organizations in order to ensure that the management has implemented those advises effectively.
8.10 Prepare audit report and propose to the management for consideration within 30 days since the last date of auditing. Summarize and propose to the Audit Committee for acknowledgement in every the Audit Committee meeting.
8.11 In case the finding has issue supposing to be fraudulence, the head of internal audit department must report immediately to Chief Executive Officer and the Audit Committee.
8.12 Coordinate in facilitating the performance of a financial auditor, the Bank of Thailand, regulators, or officers of related public organization that has legal authorization connected to auditing, and summarize reporting to Chief Executive Officer.
8.13 Performing according to the conduct of ethics of internal auditors.
8.14 The head of internal audit department is a secretary of the Audit Committee.
8.15 Perform any other auditing as assigned by the Audit Committee or the Board of Directors or CEO of the Company.
8.16 To appoint and review the policy, procedure, and audit process for Credit Scoring Preparation and Disclosure and the manual of the internal audit department at least once a year and propose the Audit Committee for approval.
9. Human Resource Development
9.1 Internal auditors should be encouraged and supported by the Company in improving knowledge, skills, and ability by attending professional development and seminar of internal auditing continuously.
9.2 The head of internal audit department must providing the quality assurance of audit performance by distributing survey form to a department that has been audited for sharing opinion after exit the auditing process every time.
10. Ethics of Internal Auditors
Internal auditors must adhere to the conduct of Ethics in order to remain the reputation and raise the prestige of internal auditors as well as the profession as the following:
10.1 Performing with honest and diligence.
10.2 Posses objectivity and performing with associated persons impartially without any cross benefits.
10.3 Possess accountability, awareness, concentration, and dedication in order to be successful in effectively performance.
10.4 Keep confidentiality of information received from the performing. Do not disclose any information or audit reports to outsiders or unassociated insiders unless permission is granted from the Audit Committee. Also, do not use received information for personal advantages or against the purposes stated by law.
10.5 Do not accept any items or compensation, and do not associate with any activities or involvements that may causes independence or objectivity is impaired in performing the duties.
10.6 Do not use authority for personal benefits
10.7 Do not perform or associate with activities that may lead to damage or disgrace toward to the profession of internal auditing, individual, or the Company.
10.8 Must learn and improve individual always for increasing knowledge, competencies, and skills to successfully and effectively perform.
10.9 Posses the Company loyalty and cooperate in all of the Company’s activities.
10.10 Be a good role model of employees in other departments by strictly complies with rules and regulations of the Company, include the code of ethics, which stated by the Institute of Internal Auditors of Thailand is taken as a part of this Charter.
The internal audit department must review and consider the appropriation of internal audit charter annually. If any changes are required, the internal audit department must propose to the Audit Committee and the Board of Directors for consideration.
This Charter is effective since the date of 21 March 2016 by the approval from the Board of Directors of the Company in the meeting no 3/2016 held on 21 March 2016
Chairman of the Board of Directors