BIMB Integrated Annual Report 2017

64 Intended Outcome Companies have an effective governance, risk management and internal control framework and stakeholders are able to assess the effectiveness of such a framework. Practice 10.2 The board should disclose–  whether internal audit personnel are free from any relationships or conflicts of interest, which could impair their objectivity and independence;  the number of resources in the internal audit department;  name and qualification of the person responsible for internal audit; and  whether the internal audit function is carried out in accordance with a recognised framework. Application : Applied. Explanation on application of the practice : The Internal Audit functions of BHB and its wholly-owned subsidiaries, namely Syarikat Al-Ijarah Sdn Bhd, BIMB Securities Sdn Bhd and BIMB Securities (Holdings) Sdn Bhd have been outsourced to the Internal Audit Division (“ IAD ”) of Bank Islam since December 2008. The IAD has approximately 38 personnel including the secretary. The IAD is led by the Acting Head of Internal Auditors, Encik Zalfitri Abd Mutalip (“ Encik Zalfitri ”). Encik Zalfitri joined Bank Islam’s IAD in October 2007 and was appointed as the Acting Head of Internal Auditors on 1 June 2017. Encik Zalfitri is a Certified Public Accountant and a Fellowmember of the ACCA, he is also a Certified Internal Auditor for financial institution (CIA FIN). The Internal Audit functions are done in compliance with the International Professional Practices Framework and the Internal Audit Charter to provide a reasonable assurance that the risk management process, internal controls and governance practices are operating satisfactorily and effectively, in line with the Group’s goals and objectives. The Internal Audit functions report directly to the AEC and is independent of the activities of its auditees. The primary responsibilities of the IAD are to undertake regular and systemic reviews of the risk management process, internal control and governance practices of BHB and its wholly-owned subsidiaries. The reviews are done in compliance with the International Professional Practices Framework and the Internal Audit Charter to provide a reasonable assurance that the risk management process, internal controls and governance practices are operating satisfactorily and effectively, in line with the Group’s goals and objectives. The scope of the Internal audit reports covers improvement opportunities, audit findings, management responses and corrective actions in areas with significant risks and internal control deficiencies. All Internal Audit Reports on the Company and its wholly-owned