LogoRegulatory Alerts
2025-06-10

Internal Audit Regulation CBS_REG_04

The Central Bank of Somalia mandates all licensed banks, including foreign branches and subsidiaries, to establish an independent internal audit function led by a professionally qualified Internal Auditor. The regulation requires the auditor to maintain direct reporting lines to the board’s Audit Committee, execute annual risk-based audit plans covering all operations, and deliver quarterly written reports on systemic integrity, compliance, and financial controls. Banks must ensure immediate written notification to the Central Bank regarding insolvency risks, regulatory non-compliance, material operational changes, fraud or AML failures, and significant board or senior officer disruptions.

Central Bank of Somalia logo

Somalia

Central Bank of Somalia

Click to view thumbnail

2016 1 REGULATION ON INTERNAL AUDIT, 2016 REGULATION ON INTERNAL AUDIT, 2016 CBS/BS/REG/04

  1. INTRODUCTION 1.1. Authority 1.2. Applicability
  2. REQUIREMENTS FOR INTERNAL AUDITOR
  3. DUTIES OF INTERNAL AUDITOR
  4. INTERNAL AUDITOR’S DUTY TO REPORT TO THE CENTRAL BANK

2016 2 REGULATION ON INTERNAL AUDIT, 2016

  1. INTRODUCTION 1.1. Authority This regulation is made by the Central Bank pursuant to its authority set forth in Sections 34 and 120 of the Financial Institutions Law, 2012 (“FIL”), and Sections 38(1) and 52(1) of the Central Bank of Somalia Law, 2012, for the purpose of implementing Sections 30 “Internal Auditor,” 31 “Duty of the Internal Auditor to Report to the Central Bank,” and 32 “Consultations between External Auditor and Internal Auditor” of the FIL. 1.2. Applicability This regulation applies to all banks licensed by the Central Bank including branches and subsidiaries of foreign financial institutions.
  2. REQUIREMENTS FOR INTERNAL AUDITOR 2.1. Each bank shall establish and maintain an internal audit function headed by an Internal Auditor who is professionally qualified and competent in the field of auditing and has exhibited integrity in previous positions. 2.2. The Internal Auditor shall function in accordance with internationally accepted professional standards and guidance, such as those of the Institute of Internal Auditors. 2.3. The Internal Auditor shall have a direct reporting line to, and clear mandate from, the Audit Committee of the board of directors. 2.4. The Internal Auditor shall be independent of all audited and profit-generating functions in the bank. 2.5. The board of directors shall ensure that the Internal Auditor is provided with sufficient standing, authority, and resources, including a staff having the necessary expertise to fulfill its mandate from the Audit Committee and given the complexity of the bank’s operation. 2.6. The Internal Auditor shall be timely informed of all material changes to the bank’s strategies, risk appetite statement, policies, systems, and procedures, and shall be allowed access to any records, files, data, or other property of the bank including management information, the minutes of the board of directors and its committees, and the minutes of all committees of management.

2016 3 REGULATION ON INTERNAL AUDIT, 2016 3. DUTIES OF INTERNAL AUDITOR 3.1. The Internal Auditor shall develop an audit plan based upon a thorough risk assessment of the bank’s activities that conforms to internationally accepted professional standards and guidelines. The audit plan shall be approved by the Audit Committee and board of directors. The audit plan may cover multiple years but must be updated and approved annually. The scope of the audit plan shall apply to all activities of the bank including those at branches, subsidiaries, and outsourced. 3.2. Operating in accordance with the approved audit plan, the Internal Auditor and staff members shall independently examine and evaluate the entirety of the bank’s systems and processes for integrity, validity, reliability, effectiveness, efficiency, and timeliness: • Risk management. • Corporate governance. • Accounting and finance. • Capital adequacy and liquidity. • Internal control, including safeguarding of assets. • Management Information. • Compliance; and • Reports to the Central Bank. 3.3. The Internal Auditor shall report in writing on the results of the internal audit to senior officers and the board of directors on a quarterly basis or more frequently if required by the work plan or requested by the Audit Committee. 3.4. The Internal Auditor shall provide an investigative service to management on a case-by-case basis as approved by the Audit Committee. 3.5. The Internal Auditor shall consult regularly with the bank’s external auditor on significant matters that come to his/her attention and shall provide the external auditor with access to relevant internal audit reports.

2016 4 REGULATION ON INTERNAL AUDIT, 2016 4. INTERNAL AUDITOR’S DUTY TO REPORT TO THE CENTRAL BANK The Internal Auditor shall immediately report to the Central Bank in writing of the following matters. 4.1. The bank is insolvent, or there is a significant risk that the bank will become insolvent. 4.2. The bank has failed to comply with the requirements of the FIL, a regulation of the Central Bank, or a condition of its license. 4.3. There are existing facts about the bank which may be detrimental to the interests of depositors, including but not limited to the following: • There has been a material change in the risks inherent in the business of the bank with the potential to affect the bank’s ability to continue safe and sound operations. • A serious criminal offence involving fraud or other dishonesty has been, or is likely to be, committed. • Measures to prevent money laundering or terrorist financing are not being properly implemented. • There is a material conflict within or between the board of directors and senior officers of the bank. • A senior officer has unexpectedly left the bank’s employ. • The Internal Auditor resigns, or his/her employment is terminated. • The bank has failed to comply with a recommendation by the Internal Auditor that a matter be communicated to the Central Bank.

Share