Regulated entities are expected by the Malta Financial Services Authority (“MFSA”) to embed the principles of the Three Lines Model in their controls, operations and culture. The Three Lines Model should be adapted to the needs and business priorities of regulated entities, thereby facilitating the identification of structures and processes that best assist them in achieving their objectives, stronger governance, risk management and financial crime compliance. The internal audit function forms part of the Three Lines Model as advocated by the MFSA.
Internal audit focuses on the wider concerns of regulated entities, hence assisting them to mitigate risk exposures whilst achieving their objectives. An effective internal audit framework adds value and improves the operations of a regulated entity by integrating elements of control, risk management and compliance with the aim of helping it shape its governance structure. It identifies inefficient processes and areas of poor performance with the aim of maximising their effectiveness. A derogation from the requirement to have an independent internal audit function should not be considered a blanket derogation; rather, regulated entities should consider the merits of having annual internal audit reviews.
A well-thought-out internal audit function includes:
- Risk Appetite Identification
- Internal Audit Risk Universe building
- Risk assessments
- Internal Audit Plan building
- Analysis and testing of internal audit areas
- Identifying control weaknesses
- Presentation of board reports outlining identified weaknesses and recommendations for improvement
- Follow-up on proposed recommendations and action plans
How can we assist?
Apex Group combines its industry knowledge and risk-based approach to tailor internal audit solutions to your risk appetite and business operations. Reach out to our team on email@example.com or firstname.lastname@example.org to initiate discussions on establishing an internal audit process in your company.