Strategy and Scope
Right of Access
Relationship With External Auditors
To achieve this mission, Internal Audit Department uses an
integrated strategy that focuses on areas of high risks and on
partnering with the Heads of other departments to achieve the
Central Bank of Oman’s business objectives.
The activities of the Internal Audit function are overseen by the
Audit Committee of Board of Governors of CBO, headed by H.E. The
Deputy Chairman of the Board of Governors. Senior Manager – Internal
Audit Department is required to report to the Audit Committee on the
activities of Internal Audit and assure the Audit Committee on the
overall effectiveness of the control environment.
Strategy and Scope:
The scope of the Internal Audit Department has been covered under a
Charter approved by the Audit Committee. The corner stone of our
audit services is the assurance we provide by conducting audits and
reviews to assess the effectiveness of risk management, controls and
The Audit Committee and Executive Management relies on our assertion
that the assets of CBO are adequately safeguarded, information is
reported accurately, policies and procedures are being complied with
and best practices are being shared and followed.
In addition to these traditional services, Internal Audit Department
provides various “preventive” audit services aimed at identifying
and correcting problems before they occur. Services such as
pre-audits, participation in various committees, task forces,
business risk consultation, control self assessment facilitation and
control awareness education enable us to proactively leverage our
subject matter expertise throughout CBO and also to target areas of
greatest potential risk.
By doing so, IAD intensifies positive influence on the system of
controls and provide greater assistance to management in ensuring a
cost effective control environment throughout Central Bank of Oman.
The ultimate goal is to build a mindset of continuous risk
management utilizing cost effective controls to help achieve the
Banks’ objectives by all the departments of CBO.
Our Assurance Services
Regular Audits (Functional and Operational) – Internal Auditing
evaluates the internal control environment of operational areas,
processes and systems on a periodic basis to provide an independent
and objective appraisal of their related internal controls. This
also includes pre-audits of important payments, witnessing the
incineration, opening, packing and unpacking of currency notes etc.
System Reviews - This type of limited scope review is typically
initiated by the Top Management, other concerned departments of CBO
and also ourselves over a particular aspect of any department’s
performance and / or operations. It is intended to keep management
informed over the status of internal controls in selected areas,
processes or systems on a current basis.
Information Systems Audit – This type of assurance service evaluates
the adequacy of controls in computer systems to safeguard
information assets, maintain data integrity and achieve system
efficiency and effectiveness.
Special Audits – Unscheduled forensic investigations are performed
due to possible irregular activities that are beyond the normal
scope of regular audits and special reviews.
Business Risk and Internal Control Consulting- In CBO’s dynamic
business environment risks are constantly changing, often making
long-standing controls ineffective and or redundant. Institution of
controls is the responsibility of the Management. Internal Audit can
assist Management by providing experienced risk and control subject
matter experts to provide consultation on risk identification and
Task Force Memberships
- As member of various taskforces, Internal
Audit is expected to provide consultancy or advisory services or to
carry out special tasks. Providing such services will not affect
the Internal Audit Department’s right to audit or ability to express
a view on these areas subsequently where deemed necessary.
Provision of such services and whether such services will impact the
Internal Audit Department’s independence and objectivity will be
left to the decision of Board of Governors.
– Departments can send employees to
Internal Audit to develop their understanding of risks, controls
and gain exposure to operations throughout the Bank. Internal Audit
also assigns risk and control experts to other departments to assist
management in establishing or enhancing their vital risk management
and control processes.
Control Self-Assessment Facilitation
– Proactive organizations
recognize the importance of identifying the risks that threaten the
achievement of their business objectives and ensuring that controls
are effectively mitigating these risks. Control Self Assessment
(CSA) is a process in which Internal Audit can assist departments in
risk identification and control self-evaluation. It includes
facilitating workshops for other department’s personnel who are most
familiar with the activities under review. Business risk / control
knowledge gained from these workshops is then used by the group of
client department personnel to determine the effectiveness of
existing controls and make recommendation where deemed necessary to the management. This process can assist departmental management
by identifying internal control improvements, thereby resulting in
fewer control weaknesses in future audits.
Internal Audit department functions under the Audit Charter issued
by the Chairman Audit Committee H.E., The Deputy Chairman. The Audit
Committee (which is a sub committee of Board of Governors of CBO)
oversees the function of Internal Audit. The audits are carried out
in compliance with risk based audit procedure manual approved by
Audit Committee. All the auditors in Internal Audit department are
bound by the code of ethics to serve the organization. The
performance of the auditors is evaluated on the basis of Key
Performance Indicators, identified at the beginning of the year.
Except for special audits, where malpractice is suspected, the Audit
Committee approves a plan of audit assignments at the beginning of
each audit year. The timing, duration, objective and scope of the
audit assignments are pre-finalized as part of this Audit plan. The
concerned departmental management is informed of the audit
assignments to be started for their departments, barring the ones,
which require a surprise element in it. This helps the department
managers to budget their time and resources for the audit.
Fieldwork is carried out on the basis of approved audit programmes,
which are amended if necessary to keep the audit in line with the
recent changes, (including the risk category changes) into
consideration. An informal report is submitted to the auditee to
communicate Internal Audit’s understanding of the issues mentioned
within and also for their comments to be incorporated in the report
to make it a formal one. Discussions with the auditees forms an
essential part of our audit process throughout the audit activity.
The formal report is then forwarded to the Audit Committee for the
views of the Committee.
After receiving the directives of the Audit Committee, the copy of
the report is then sent to the auditee department and copy of
excerpts are marked to the relevant departments in line with the
Then a summary is prepared for the follow-up purpose and circulated
to the relevant departments for the status of implementation of the
directives. Once the feedback of the concerned department/s is
received then the follow-up report is submitted to the Audit
Committee and also a copy is marked to H.E. The Executive President
Right of Access:
In terms of our audit charter, Internal Audit has a right of direct
access to and will communicate with any member of the staff relevant
to the performance of the audits. Internal Audit is authorized to
examine any activity or entity in the Bank and has access, during
execution of their normal duties, to any records, files or data of
the Bank both manual or computerized including management
information and the minutes of all consultative and decision making
committees / task forces and minutes and resolutions of the minutes
of the Board of Governors of Central Bank of Oman including its
suppliers and customers.
The role of external auditors is to verify that the financial
statements of the Central Bank of Oman presents a true and fair view
of the Bank’s financial position. It is a statutory requirement that
an external and independent firm of accountants audits the Bank’s
accounts annually. External Auditors usually place reliance on the
work carried out by the internal audit, when forming their opinion
on the accounts.
Apart from conventional methods of conducting the audits, the
Internal Audit Department also uses advanced computer assisted audit
technology like Audit Command Language (ACL) for most of the audits.
The department is automated by using an audit management software.
Our Contact Numbers
For more information on any of internal audit services
please contact the following:
Ext No. Direct No.
Senior Manager – 2100 24703068
Internal Audit Department
Chief Auditor - 2108 24780966
Internal Audit Department
Please Report any suspected irregularity to
Senior Manager-Internal Audit Department