Audit & IT Oversight Committee Charter
I. Purpose and Scope
The purpose of the Committee is to represent and assist the Board of Directors in its general oversight of the Bank’s accounting and financial reporting processes, audits of the financial statements, and internal control and audit functions.
Management is responsible for the preparation, presentation and integrity of the Bank’s financial statements, accounting and financial reporting principles, and the Bank’s internal controls and procedures designed to promote efficiency and effectiveness of operations and compliance with accounting standards and applicable laws and regulations.
The Commission on Audit (COA), as the independent auditing firm, is responsible for performing an independent audit of the consolidated financial statements in accordance with generally accepted auditing standards.
This Committee serves a board-level oversight role in which it oversees the relationship with the independent external auditor, as set forth in this charter, receives information, and provides advice, counsel and general direction, as it deems appropriate, to management and the auditors, taking into account the information it receives, discussions with the auditor, and the experience of the Committee’s members in business, financial and accounting matters.
II. Duties and Responsibilities
The Committee will carry out the following responsibilities:
1. Reviews significant accounting and reporting issues and understands their impact on the financial statements. These issues include:
- Complex or unusual transactions and highly judgmental areas.
- Major issues regarding accounting principles and financial statement presentations, including any significant changes in the Bank’s selection or application of accounting principles.
- The effect of regulatory and accounting initiatives, as well as off-balance sheet structures, on the financial statements of the Bank.
2. Reviews and analyses reports prepared by management and/or the independent auditor setting forth significant financial reporting issues and judgments made in connection with the preparation of the financial statements, including analyses of the effects of alternative GAAP methods on the financial statements.
3. Reviews with management and the independent auditors the results of the audit, including any difficulties encountered. This review will include any restrictions on the scope of the independent auditor’s activities or on access to requested information, and any significant disagreements with management.
4. Discusses the annual audited financial statements with external auditors and monthly financial statements with management and the internal auditors, including the Bank’s disclosures.
5. Reviews disclosures made by the Chief Executive Officer (CEO) and the Treasurer/Chief Financial Officer (CFO)/Controller about significant deficiencies in the design or operation of internal controls or any fraud that involves management or other employees who have a significant role in the Bank’s internal controls.
- Considers the effectiveness of the Bank’s internal control system, including information technology security and control.
- Understands the scope of internal and external auditors' review of internal control over financial reporting, and obtains reports on significant findings and recommendations together with management's responses.
- Reviews with management and the Internal Auditor the internal audit charter, plans, activities, staffing, and organizational structure of the internal audit function including IT audits.
- Ensures there are no unjustified restrictions or limitations, and reviews and concurs in the appointment, replacement, or dismissal of the Internal Auditor.
- Reviews the effectiveness of the internal audit function, including compliance with the Institute of Internal Auditors' Standards for the Professional Practice of Internal Auditing.
- On a regular basis, meets separately in executive sessions with the Internal Auditor to discuss any matters that the Committee or internal audit believes should be discussed privately.
- Reviews the external auditors' proposed audit scope and approach, including coordination of audit effort with internal audit.
- Takes into account the opinions of management and internal audit.
- Endorses to the Board prioritized, evaluated ISTM programs and projects as prepared by ISTM Group;
- Reviews and evaluates ISTM programs and projects;
- Reviews compliance with existing ISTM policies, procedures and standards in each of the life cycle stages of the information systems and their corresponding technology components;
- Provides open communication and coordination between ISTM Group and the Bank’s functional units and groups to achieve the objectives set for the ISTM programs and projects;
- Reviews the adequacy and allocation of resources in terms of personnel, technology hardware and equipment, operating systems and software, networks and facilities, and proposes solutions, improvements and enhancements of implementation and operations of ISTM programs and projects;
- Provides directions/corrective actions to address identified and related ISTM deficiencies and gaps;
- Reviews results and provides support and assistance in the assessment of the Bank’s Business Continuity Plan concerned with ISTM facilities, personnel, equipment and relevant information assets;
- Reviews with the IT Auditor and Information Security Officer the results of the Post Implementation Reviews of ISTM programs and projects to assess whether projected benefits are achieved;
- Reviews and approves updates on the ISTM management and operations manuals and elevates to the Board for approval;
- Reviews the sufficiency and appropriateness of the ISTM Strategic and Operational Plan at least annually;
- Evaluates appropriate preparation and implementation of the Information Security Policies and Procedures;
- Discusses with management the major policies of the Bank with respect to risk assessment and risk management.
- Performs other activities related to this charter as requested by the Board of Directors.
- Institutes and oversees special investigations as needed.
- Reviews and assesses the adequacy of the Committee’s charter annually, requests Board approval for proposed changes, and ensures appropriate disclosure as may be required by law or regulation.
- Confirms annually that all responsibilities outlined in this charter have been carried out. Evaluates the Committee's and individual members' performance at least annually.
- Reviews the reports of regulatory agencies such as PDIC and BSP.
III. Resources and Authority
The Committee shall be granted the resources and authority(ies) to effectively discharge its duties and responsibilities under this Charter.
The Committee has authority to conduct or authorize investigations into any matters within its scope of responsibility. It is empowered to:
- Call on the Management Committee and other responsible employees in the conduct of its duties and responsibilities.
- Resolve any disagreements between management and the auditor regarding financial reporting.
- Pre-approve all auditing and permitted non-audit services performed by any external audit firm, other than COA.
- Retain independent counsel, accountants, or others to advise the Committee or assist in the conduct of an investigation.
- Seek any information it requires from employees--all of whom are directed to cooperate with the Committee's requests.
- Meet with COA auditors, or outside counsel, as necessary.
In case of non-cooperation of Management in the conduct of the Committee’s functions, the penalties imposed under the Manual of Regulations for Banks (MORB) shall be applied and related provisions of the Code of Conduct shall also be enforced.
IV. Evaluation and Reports
The Committee shall:
- Regularly report to the Board of Directors about Committee activities and issues that arise with respect to the quality or integrity of the Bank’s financial statements, its compliance with legal and regulatory requirements, the performance and independence of its independent auditors, and the performance of the internal audit function.
- Provide an open avenue of communication between IT personnel, ISO, risk officer, internal audit, the external auditors, and the Board of Directors.
- Report annually to the shareholders, describing the Committee's composition, responsibilities and how they were discharged, and any other information required by rule, including approval of non-audit services.
- Review any other reports that the Bank may issue that relate to committee responsibilities.
- Review and assess the adequacy of this charter annually and recommend any proposed changes to the Board for its approval pursuant to this charter.
V. Committee Composition and Resource Persons
The Committee shall consist of at least four (4) members of the Board of Directors (BOD), two of whom shall be independent directors.
The BOD will appoint Committee members and the Committee chair.
The Committee Chair should be both independent and preferably financially literate, as defined by the BOD.
The Committee will invite members of management, auditors or others to attend meetings and provide pertinent information, as necessary.
VI. Materials for Agenda
Meeting agendas will be prepared and provided in advance to members, along with appropriate briefing materials.
Minutes will be prepared by the Corporate Secretary.
The Corporate Secretary shall keep written minutes of meetings, which shall be maintained in the books and records of the Bank and reported to the Management.
VII. Frequency of Meetings
The Committee shall meet when necessary.
VIII. Approving Authority
The Board of Directors.