department charter risk & audit

SAVE THE CHILDREN, USA BANGLADESH COUNTRY OFFICE 2010 Department Charter ASSURANCE & RISK MANAGEMENT DEPARTMENT

Upload: bdjewel

Post on 18-Dec-2014


DESCRIPTION

Terms of References for the Assurance and Risk Management Department of Save the Children USA, Bangladesh Country Office


SAVE THE CHILDREN, USA BANGLADESH COUNTRY OFFICE

2010

Department Charter ASSURANCE & RISK MANAGEMENT DEPARTMENT

Page 2: Department Charter   Risk & Audit

TERMS OF REFERENCE

Assurance & Risk Management Department

Save the Children USA, Bangladesh Country Office

Page 1 of 13

PREFACE

Internal control is a process, effected by an entity's governing body, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in three categories: a) effectiveness and efficiency of operations; b) reliability of financial reporting; and c) compliance with applicable laws and regulations. Therefore, a directorate within the organization should provide governing members with valuable assistance by giving objective assurance on governance, risk management, and control processes.

The Terms of Reference (TOR) establish the mission and fiduciary responsibilities of the risk management and internal audit functions (called the Assurance and Risk Management Department, ARMD) under the oversight of the Country Director of Save the Children, USA, Bangladesh Country Office. They also set out the operating environment and mandate, to generate an understanding of ARMD’s role, approach, relationships and reporting.

MISSION

The mission of the Assurance and Risk Management Department (ARMD) is to provide independent, objective assurance and consulting services designed to add value and improve the organization's operations. It assists the Bangladesh Country Office in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and governance processes.

SCOPE OF WORKS

The scope of ARMD work encompasses a systematic, disciplined approach to evaluating and improving the adequacy and effectiveness of risk management, control, and governance processes and the quality of performance in carrying out assigned responsibilities. The purpose of evaluating the adequacy of the organization's existing risk management, control, and governance processes is to provide reasonable assurance that these processes are functioning as intended and will enable the organization's objectives and goals to be met, and to provide recommendations for improving the organization's operations, in terms of both efficient and effective performance. Senior management and the CD might also provide general directions as to the scope of work and the activities to be audited.

The Assurance and Risk Management Department works independently to provide objective assurance by methodically reviewing and verifying all of the organization's operations, resources, services, programs and processes in place to:

Establish and monitor the achievement of the organization’s objectives;

Facilitate policy and decision making;

Ensure the economical, effective and efficient use of resources;

Ensure compliance with established policies, procedures, laws and regulations;

Safeguard the assets, interests and reputation of the organization;

Ensure the integrity, reliability and quality of information, accounts and data.

Based on the engagement, nature and purpose of the functional activities, ARMD's scope of work is outlined in three broad categories: A) Assurance Services, B) Risk Management and C) Advisory Services.


A. ASSURANCE SERVICES

Assurance services are independent professional services that improve the value of information or its context through evaluations and assessments that focus on identifying the quality of processes, procedures, and general operations for decision makers. Often associated with the evaluation of accounting records and procedures, the main focus of assurance services is to confirm the accuracy and proper maintenance of the accounting records, and thus assure all interested parties that there are no irregularities in the records themselves. This same general approach will also be applied to the evaluation of procedures within various departments and functions of the organization.

The explicit purpose of assurance services is to provide independent and professional opinions on the quality and reliability of information to the Country Director as well as other SMT members within Save the Children - USA, Bangladesh Country Office.

Project Assurance

ARMD provides assurance that the agency delivers quality services (program quality) to the targeted beneficiaries and stakeholders at the level of the donor’s intention (purpose of funds) and implements projects using the resources efficiently and cost effectively (usage of funds) within set terms and conditions (compliance).

Internal Audit

Internal auditing is an independent appraisal activity established within an organization to verify and certify its activities as a service to the organization. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources. Internal audit functions provide assurance relating to:

Compliance with legislation, regulations, policies, procedures, and terms and conditions;

Safeguarding of assets;

Reliability and integrity of financial and operational information; and

Effectiveness and efficiency of program operations.

The work of internal audit forms part of the assurance framework; however, the existence of ARMD does not diminish the responsibility of management to establish systems of internal control to ensure that activities are conducted in a secure, efficient and well-ordered manner.

Performance Audit

A performance audit, also distinguished as an ‘operation audit’, is an objective and systematic examination of evidence for the purpose of providing an independent assessment of the performance of the organization, program, activity, or function in order to provide information to improve accountability and facilitate decision-making by parties with responsibility to oversee or initiate corrective action.

A report of management's abilities is typically prepared to meet particular goals. Included in the report are measures of the effectiveness of internal controls and efficiency of procedures and processes. The performance audit may be initiated by the organization or by external interested parties. However, the performance audit is not performed as a means to attest to the financial records and statements of the organization.


Internal Audit and Review Process

Generally, ARMD follows this process when reviewing or auditing any entity:

Select audit engagement from Internal Audit Calendar;

Notify audit / review engagement to the auditable unit, department, project or partner;

Evaluate, test and verify adequacy of controls in the system at on-site visit;

Identify control concerns, risks and alternative control improvement recommendations;

Discuss observations with management and reach agreement in principle on the audit issues;

Prepare formal audit / review report noting findings and recommendations and share;

Receive management responses from audited entity;

Issue final report to the CD, with management response.

Sampling – Identify Control or Transactions to be Tested

Sampling involves testing less than 100 percent of a population and then utilizing the results to draw a conclusion about the entire population. This process saves the time, effort, and expense that may be involved in comprehensive testing. Audit sampling is a method by which an auditor can draw conclusions about the whole of a group of items (the "population") by examining some of them ("the sample"). Sampling is most effective for populations in which a large number of similar transactions are processed in a similar manner.

The extent of testing a sample of controls or transactions may vary depending on a variety of factors including complexity, population size, transaction frequency, importance, type of activity (manual or automated), and level of comfort desired from a test. ARMD members determine sample sizes, based on population and risk, in order to draw conclusions as to what is happening in a population of audited items.

Systematic Sampling: A random approach of selecting items at intervals. The first item in the selection process must be picked at random. Often used in financial auditing to test for understatement.

Dollar Unit Sampling: A unique statistical approach based on a probability proportional to size. The probability of any one item being selected for detailed verification is proportional to the size of the item. Often used in financial auditing to test for overstatement.

Judgmental Sampling: A nonrandom approach of selecting sample items based on the auditor’s reasoning or suspicions. Often used to select examples of deficiencies to support the auditors’ contention that the system is weak. Sample results cannot be statistically extrapolated to the entire population.

Sampling Documentation

The selection of sample sizes should be documented in the work papers. The following items should be documented each time a sample is chosen:

population

sample size

sampling unit

sample design (e.g., random, haphazard, systematic)

definition/explanation of an error

errors detected and/or error rate


Testing Financial Transactions

In transaction tests, a selected number of sample transactions are tested to see if controls are performing properly within a certain population. Based on the rate of error, auditors determine if they can rely on the information developed from posting or recording transactions. The test helps auditors determine the scope of audit work.

As a detective approach to risk identification and reduction, ARMD tests, on a quarterly basis, the accounting vouchers and supporting documents of financial transactions selected through judgmental sampling from a periodic list of transactions or general ledgers.

Compliance Verification

ARMD conducts compliance verification on sample transactions to ensure that the standards are implemented in a uniform manner according to the set guidelines, conditions and specifications of:

Donor

Local Government (Bangladesh Government’s laws and regulations)

SC USA Home Office

SC USA Bangladesh Country Office

Audit and Review Reports

Formal audit and review reports are designed to:

Identify control weaknesses noted during audit engagements;

Explain risk implications that result from control weaknesses;

Present alternative procedures to correct deficiencies;

Include management responses of the audited entity.

The audit report is typically divided into the following sections:

Audit Scope, Objectives and Background

Audit Procedures, Resources and Methodology

Audit Findings, Risk Implications and Recommendations

Implementation of Audit Recommendations

Audit follow-up is an integral part of good management, and is a shared responsibility of agency management and ARMD. Corrective action taken by management on resolved findings and recommendations is essential to improving the effectiveness and efficiency of CO operations. CO management establishes systems to assure the prompt and proper resolution and implementation of audit recommendations. These systems shall provide for a complete record of action taken on both monetary and non-monetary findings and recommendations.

ARMD conducts further review to provide assurance that management has adequately implemented the recommendations of previous audits or reviews and resolved previous problems. These reviews also ensure that upper management is informed of non-resolution of previous problems.


ARMD Roles and Responsibilities in Internal Audit Services

The Internal Audit unit under ARMD supports the Country Director (CD) by providing independent and objective assurance assessments of the organization's management control framework, systems and practices, and governance processes. The following are the key responsibilities of ARMD under its internal audit and review functions:

Prepare a rolling three-year strategic risk-based internal audit plan which will be translated into an annual plan for formal agreement and ratification by the CD;

Carry out certain reviews on a cyclical basis (e.g. CO, IAO, DTO and Partners); however, audit resources will, increasingly, be allocated on the principle of continuous planning which takes into account key risks as they emerge;

Review, appraise and report to management on the soundness, adequacy and application of internal controls; the extent to which the assets and interests are accounted for and safeguarded; the suitability and reliability of financial and other management data, including aspects of performance measurement;

Work with the external auditors to ensure that the nature and quality of internal audit coverage assists them in the discharge of their duties;

Report annually to the CD on the annual audit coverage, providing an overall assessment of the internal control environment on key financial and operational systems;

Review and certify grant / funding claims as required.

Compliance Assurance

ARMD provides regular validation and certification that Bangladesh Country Office meets strategic and reporting requirements of different entities (home office, donor, local government) relating to their accepted practices, laws, legislation, prescribed rules and regulations, policies, specified standards, or the terms of a contract.

Identification of Compliance Obligations

Assess the extent of compliance with BdCO and/or other relevant policies, guidelines and procedures

Assist in promoting a culture of compliance and take an active interest in ethical issues associated with the BdCO’s dealing activities

Assist in implementing a Compliance Chart that reflects the key activities performed by an operating unit to understand and manage its compliance risks

Compliance report on the outcomes from the annual legal compliance certification process completed by CD Offices

Compliance Risk Reporting, Monitoring and Mitigation

Investigation

ARMD performs its responsibilities to investigate allegations of fraud or irregularity through detailed inquiry or systematic examination to discover the facts.

Investigate allegations of fraud or irregularity to help safeguard public funds

Investigate all reported irregularities in accordance with established strategies and protocols; by its very nature fraud-related work is unpredictable in terms of its timing and extent.

Conduct ad hoc and confidential investigations at the request of SMT or CD


Ombudsmen

An ombudsmen committee addresses concerns (such as administrative abuse or maladministration) that employees, the public, or groups have about organizations or bureaucracies. In these situations, the ombudsperson acts as an impartial mediator between the two parties, providing a less threatening type of dispute resolution.

The Head of ARMD is an active member of the Ombudsmen Committee. To help reduce friction between staff, the related local public, and the organization, he/she must be viewed as trustworthy and neutral; the process will not work if one party believes that the ombudsperson is taking the side of the other party.

A complaint to the Ombudsmen Committee must be made in writing through the CD. The correspondence must include full details of the matter/issue and provide full details of the complainant including a signature. The person raising the complaint must also be assured by the committee that his/her personal information will be kept confidential.

The power of the ombudsperson lies in his/her ability to investigate complaints of wrongdoing and then notify the staff or the relevant department of the organization, or both, of the findings. However, an ombudsperson cannot change or make laws, enforce any recommendations, or change administrative actions or decisions.

B. RISK MANAGEMENT

Risk is the uncertainty of an event occurring that could have an impact on the achievement of objectives. Risk management is a central part of any organization's strategic management. It is a process that methodically addresses the risks across the portfolio of all activities attaching to the goal.

ARMD team members assist both management and the CD by examining, evaluating, reporting, and recommending improvements on the adequacy and effectiveness of management’s risk processes. Management and the CD are responsible for their organization’s risk management and control processes. However, ARMD acting in a consulting role can assist the organization in identifying, evaluating, and implementing risk management methodologies and controls to address those risks.

This ToR provides guidance on the major risk management objectives that ARMD considers in formulating an opinion on the adequacy of the organization’s risk management framework.

Risk management framework

The risk management framework is a set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization.

ARMD determines whether the methodology is understood by key groups or individuals involved in governance, including the SMT and CD. In formulating an opinion on the overall adequacy of the risk management framework in Bangladesh Country Office, ARMD substantiates that existing risk management processes address the following key objectives:


Risks are identified and prioritized.

Management has determined the level of risks acceptable to the organization.

Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to management.

Ongoing monitoring activities are conducted to periodically reassess risk and the effectiveness of controls to manage risk.

Management receives periodic reports of the results of the risk management processes.

Risk assessment

Risk assessment is a systematic process for assessing and integrating professional judgments about probable adverse conditions and / or events.

Developing assessments and reports on the organization’s risk management processes is normally a high audit priority. Evaluating management’s risk processes is different from the requirement that ARMD use risk analysis to plan audits. However, information from a comprehensive risk management process, including the identification of management and board concerns, can assist the internal auditor in planning audit activities.

Risk treatment

Risk treatment involves a cyclical process of assessing a risk treatment; deciding whether residual risk levels are tolerable or not; if not tolerable, generating a new risk treatment; and assessing the effect of that treatment until the residual risk reached complies with the organization’s risk criteria. Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances.

Treat or Manage - management controls—proactive

Take or Accept - Low likelihood and impact provides low exposure—inactive

Transfer or Insure - Obtain a policy to cover for loss—reactive

Terminate or Avoid - Stop all activity related to undesirable risk—non-active

Selecting the most appropriate risk treatment option involves balancing the costs and efforts of implementation against the benefits derived, having regard to legal, regulatory, and other requirements, social responsibility and the protection of the natural environment. A number of treatment options can be considered and applied either individually or in combination.

ARMD justifies and provides objective assurance on the appropriateness of the decisions for risk treatments.

ARMD Roles and Responsibility in Risk Management

ARMD’s core role with regard to Risk Management (RM) is to provide objective assurance to the Country Director on the effectiveness of the organization's RM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively.

The main factors to take into account when determining ARMD's role are whether the activity raises any threats to the internal auditors' independence and objectivity, and whether it is likely to improve the organization's risk management, control, and governance processes.


Core roles in regard to Risk Management:

Giving assurance on risk management processes.

Giving assurance that risks are correctly evaluated.

Evaluating risk management processes.

Evaluating the reporting of key risks.

Reviewing the management of key risks.

Legitimate roles with safeguards:

Facilitating identification and evaluation of risks.

Coaching management in responding to risks.

Coordinating RM activities.

Consolidating the reporting on risks.

Maintaining and developing the RM framework.

Championing establishment of RM.

Developing risk management strategy for management approval.

Roles internal auditing should NOT undertake:

Setting the risk appetite.

Imposing risk management processes.

Management assurance on risks.

Taking decisions on risk responses.

Implementing risk responses on management's behalf.

Accountability for risk management.

ARMD emphasizes that Bangladesh Country Office should fully understand that management remains responsible for risk management. Internal auditors should provide advice, and challenge or support management's decisions on risk, as opposed to making risk management decisions.

C. ADVISORY SERVICES

ARMD maintains a dynamic, team-oriented environment which encourages personal and professional growth, and provides consulting and advisory services for management, programs and program support units.

ARMD contributes advisory services in the following areas:

Risk and control assessment (including control self-assessment);

Performance management and related systems;

Financial and business analysis to assist in problem solving; and,

Monitoring and evaluation systems of program implementations.


ARMD provides routine consultation and advisory services to BdCO management. This may include, but is not limited to, interpreting policies and procedures, participation on standing committees, limited-life projects, ad-hoc meetings, and routine information exchange.

The objectives of the advisory function include, but are not limited to, the following:

Support the PSMS units to discharge their regular duties efficiently and effectively;

Support the finance & assets directorate’s objective of ensuring the provision of sound financial systems;

Perform systems and business process ‘As-Is’ reviews;

Recommend Minimum Operating Standards (MOS) for the Country Office operations and services.

As part of its consulting role ARMD may be asked to provide input into the development of new policies, procedures, systems or processes. ARMD may provide such input provided it does not impair audit independence. Ultimately, management is responsible for making the final decisions on changes to policies, procedures, systems, or processes.

Ethics Advocate

All people associated with the organization share some responsibility for the state of its ethical culture. Because of the complexity and dispersion of decision-making processes, each individual should be encouraged to be an ethics advocate, although the role is merely conveyed informally.

Codes of conduct and statements of vision and policy are important declarations of the organization's values and goals, the behavior expected of its people, and the strategies for maintaining a culture that aligns with its legal, ethical, and societal responsibilities.

ARMD takes an active role in support of the organization's ethical culture. They possess a high level of trust and integrity within the organization and the skills to be effective advocates of ethical conduct. They have the competence and capacity to appeal to the organization's leaders, managers, and other employees to comply with the legal, ethical, and societal responsibilities of the organization.

Assessment of the Organization's Ethical Climate

ARMD evaluates the effectiveness of the following features of an enhanced, highly effective ethical culture:

Frequent communications and demonstrations of expected ethical attitudes and behavior by the influential leaders of the organization

Several, easily accessible ways (like the ombudsmen committee) for people to confidentially report alleged violations of the Code, policies, and other acts of misconduct

Practice of regular declarations by employees, suppliers, and customers that they are aware of the requirements for ethical behavior in transacting the organization's affairs

Easy access to learning opportunities to enable all employees to be ethics advocates

Positive personnel practices that encourage every employee to contribute to the ethical climate of the organization

Regular surveys of employees, suppliers, and customers to determine the state of the ethical climate in the organization


ACCESS AND AUTHORITY

ARMD staff members are authorized (in accordance with local laws and regulations) to have full, free and unrestricted access to all functions, premises, assets, personnel, records, and information which are necessary to execute their responsibilities effectively.

ARMD representatives must have the opportunity to attend relevant committee meetings (e.g. Ombudsmen Committee meetings, Senior Management Team meetings) to raise any matters (either orally or in writing) that are reasonable and necessary.

All employees and directorates of the BdCO, or partners / agents contracted to provide services on its behalf, are required to give complete co-operation to ARMD staff for the expedient fulfillment of the audit and verification process.

ARMD representatives have the authority to request that the CD invite GARS to perform a specific in-depth audit.

The ARMD Director and staff are not authorized to:

Perform operational duties for the CO or its affiliates.

Initiate or approve accounting transactions external to the internal auditing department.

Approve changes to accounting processes or systems.

Direct the activities of any employee not employed in ARMD, except to the extent such employees have been appropriately assigned to ARMD teams or to otherwise assist the internal auditors.

CONFIDENTIALITY

All documentation, systems (e.g. complaints register, reports and files), management, and information accessed by the ARMD in the course of undertaking any internal audit or review activities are to be used solely for the conduct of these activities. The Head of ARMD and other individual staff are responsible and accountable for maintaining the confidentiality of information they receive during the course of their work.

INDEPENDENCE

To avoid potential conflicts of interest, ARMD staff must be independent of the business activities of program and support units and report functionally to the Country Director through their next higher level ARMD supervisor.

ARMD staff members are independent when they can carry out their work freely and objectively. Independence permits ARMD staff to render the impartial and unbiased judgments essential to the proper conduct of engagements. It is achieved through organizational status and objectivity.


Organizational Independence

Internal auditors should have the support of senior management and of the CD so that they can gain the cooperation of engagement clients and perform their work free from interference.

The Head of ARMD has a direct communication protocol with the SMT and Country Director. Regular communication with management helps assure independence and provides a means for the CD and the Head of ARMD to keep each other informed on matters of mutual interest.

Disclosing Reasons for Information Requests

At times, an ARMD staff member may be asked by the engagement client or other parties to explain why a document that has been requested is relevant to an engagement. Disclosure or nondisclosure during the engagement of the reasons why documents are needed should be determined based on the judgment that is made by the Head of ARMD in light of the specific circumstances.

INDIVIDUAL OBJECTIVITY

It is essential that ARMD members have an impartial, unbiased attitude and are unfettered by conflicts of interest.

Objectivity requires ARMD members to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. ARMD members are not to be placed in situations in which they feel unable to make objective professional judgments.

It is unethical for an ARMD member to accept a fee or gift from an employee, client, customer, supplier, or associate. Accepting a fee or gift may create an appearance that the person's objectivity has been impaired.

ARMD members report to the Head of ARMD any situations in which a conflict of interest or bias is present or may reasonably be inferred. A scope limitation along with its potential effect should be communicated, preferably in writing, to the Country Director.

ARMD members do not assume operating responsibilities. If senior management directs ARMD members to perform non-ARMD work, it should be understood that they are not functioning as internal auditors. Moreover, objectivity is presumed to be impaired when internal auditors perform an assurance review of any activity for which they had authority or responsibility within the past year.

INVESTIGATE AND CHALLENGE

When ARMD perceives a compliance risk or when a management decision may give or has given rise to a significant financial or reputational risk for the organization, it must investigate and challenge any actions or concerns without influence from the operation. If the matter is not promptly resolved, the ARMD and relevant management must follow the escalation process.

REPORTING

ARMD must report at least annually to the Country Director and relevant committees on the effectiveness

of implementation and embedding of the TOR and framework and policies against donor / Home

Office guidelines in addition to other relevant compliance and risk management topics that may be

required by SC USA BdCO. The Head of ARMD must ensure reports are accurate, current, and on time.

In addition, the ARMD must also report incidents and issues to the Country Director and the next

higher level ARMD staff, as necessary or required.

The ARMD, upon completion of an audit, will discuss the audit findings with the member of

management responsible for the area audited or reviewed. A written report of the review findings /

observations and the manager's response will be sent to the Country Director (CD) within three weeks

of the review completion. Follow-up procedures will vary depending on the severity of the audit

findings, but will be within six months at the latest.

PLANNING

ARMD establishes risk-based plans to determine the priorities of the internal audit activity, consistent

with the organization's goals. The internal audit plan should be designed based on an assessment of

risk and exposures that may affect the organization. The degree or materiality of exposure can be

viewed as risk mitigated by establishing control activities.

PROFESSIONAL STANDARD

ARMD adheres to the Standards for the Professional Practice of Internal Auditing and the Code of

Ethics adopted by the Institute of Internal Auditors (IIA). Relevant rules and regulations

issued by the Bangladesh Government are also considered standards to comply with.

ARMD, as a department, shall:

comply with relevant auditing standards, for example, ‘International Standard for Professional Practice of Internal Auditing’;

comply and promote compliance throughout the organization with all BdCO rules and policies;

be expected at all times to adopt a professional, reliable, independent and innovative approach.

RELATIONSHIP AND LIAISON

Internal relations:

The main contact is with other employees of Save the Children – USA, Bangladesh Country Office.

ARMD staff ensure that they explain to the person(s) concerned the purpose of the audit or review

and the various stages that the audit or review process will follow.

External relations:

External auditors (from local institutes, donors, SC Home Office or Regional Offices)

Staff of partner NGOs and other organizations

Vendors, consultants or other relevant third parties

Members of the public

CAPACITY DEVELOPMENT

The Head of ARMD is responsible for continuing educational development to enhance professional

and personal growth of the team members as well as other staff members of the country office. He

ensures that all ARMD staff have received appropriate training to perform their jobs efficiently and

effectively. A yearly training program shall be developed and approved by the Country Director.

ARMD promotes:

Strengthening and professionalization of the internal audit function through the establishment of, and adherence to, stringent professional standards and the application of internationally recognized internal auditing practices;

The recruitment of skilled and qualified professionals.

STAFFING AND SUPERVISION

Direct supervisor

The Head of Assurance and Risk Management Department is the direct supervisor of the staff

members of ARMD under administrative and functional supervision.

Content and methodology of supervision

The ARMD works directly under the CD’s Section. This department includes the director, manager and

senior officer designations. The Job Descriptions and Key Performance Indicators (KPI) are developed

in collaboration with the CD, director and senior staff of ARMD and serve as a benchmark for the

yearly performance appraisal.

REVIEW OF THE TERMS

The Terms of Reference shall be reviewed and updated annually.

__________END__________