AUDIT PLAN FOR RISK MANAGEMENT FUNCTION AS FROM 18th -29th Oct 2012 PREPARED BY: ELIMBORA ABIA

OCTOBER 2012

Formatted: Width: 11", Height: 8.5"

1. Introduction: Internal Audit department is expecting to conduct an internal audit work for the Risk and compliance Unit being a normal audit routine work for the year 2012 as from 18th-29th Oct 2012.The auditors will come up with observations, recommendations and suggestions for risk management improvements operations improvements and management as a whole. 2. Objective: The general objective of the work will be: To ascertain whether risk management processes in the bank is adequately addressed and being covered. To examine whether risk management processes are carried out in line with the BOT risk management guideline. To check if risks arising from business strategies and activities are identified and prioritized. To foresee if risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management and the board. To examine that ongoing monitoring activities are conducted periodically. Scope: The scope of the audit will cover all activities as foreseen by Risk Management Unit in different departments including, Treasury Unit, Operation Units, Credit and Administration unit, Retail banking unit, Human Resource department, and Finance department. The area under review will cover Oct 2011 to September 2012 4. Approach The approach to be used will involve: Reviewing and examining the bank risk management processes. Reviewing of Bank of Tanzania risk management guidelines. Bank policies and controls procedure Reviewing of previous audit.

Interview technique.

5. Risks The following risks will be taken in consideration in conducting the audit:

The risk that management processes in the bank is not adequately addressed and being covered. The risks that management processes are not carried out in line with the BOT risk management guideline. The risk that, risks arising from business strategies and activities are not timely identified and prioritized. The risk that, risk mitigation activities are not designed and implemented to reduce, or otherwise manage risk at levels that were determined to be acceptable by management . The risk that ongoing monitoring activities are not periodically conducted and rectified. Risk that, the bank employees are not aware of various risks surrounding their daily activities.
The risks that repots are not timely produced and shared.

6. Plan Date 1819/10/2 012 Area Opening meeting Basis of Audit None Auditor All Remarks/Su ggestions Minutes documented after the meeting Done Status Done

Formatted: Font: Not Bold

Risk identificati

Different sources

EAM

Not Don

Formatted: Indent: Left: 0.5", Space After: 0 pt, Line spacing: single, No bullets or numbering

on

used in risk identificati on. Different monitoring tools used. Different tools used in risk identificati on e.g Risk and Control self Assessment s(RCSA) tools

Risk controls

Review of CLC Policies and procedures. Borrower/l enders Limit observation -credit related ratios. Regulatory ratios observation

Risk Mgt Polic y revie wread and use the know ledge in other

Don e

scompliance reports being done over these ratios. Stress testing. BCP testing.

areas Docu ment the regul ations 2008 to be reque sted from CPK Stress testin g result s to be obtai ned from gilber trefer earlie r report s receiv ed durin g

treasu ry audit and check the treasu ry audit traini ng manu al. BCP testin g highli ghted in the curre nt updat e of audit issues by Julius most recent ly (awai ting reuter

codes for the test to be succe ssful). Risk measureme nts Bank Risks EAM Manageme nt framework. BOT risk manageme nt and guideline. Basel I, II, & III. Bank Risk Register. CLC ALCO reports ORCO reports and minutes. Monthly MANCOM reports. Quarterly Board Paper. Any other report used. Not done

2325/10/2 012

Risk reporting and monitoring

Chec k ALC O minut es for the scope of the audit Chec k issues

Don e

addre ssed. MAN COM Repor ts for the risk functi on Board paper for the dept. of risk and comp liance as requir ed to be prese nted to the Exec utive com mitte e of the

board . Complianc e issues Complianc e report Complianc e policy. Mont hly manc om report s with a comp liance sectio n inclu ded in the report . OSH A UPD ATE S KYC UPD ATE S CRE DIT RATI OS TRE Don e

ASU RY LIMI TS Comp liance on KYC, Credi t ratios Refer ence to the regul ations as of 2008 Not Done

29/10/2 012

Exit meeting

Discussion of raised issue.

All