Internal Controls

Internal Controls

Internal Controls

It is the responsibility of Bank's Board of Directors to:

  • Ensure that effective measures are in place to safeguard the Bank's assets;
  • Ensure proper accounting records and reliable financial information by procedures designed to avoid or reduce risks and ensure compliance with applicable laws and regulations;
  • Ensure that an adequate and effective system of internal controls and procedures is established and maintained; and
  • Evaluate the effectiveness of the Bank's internal control system, identifying control objectives, reviewing significant control policies and establishing relevant control procedures.

Control activities are closely monitored across the Bank by the Bank's internal audit function, working independently of management. In addition, the risk management and compliance functions monitor control activities on an ongoing basis. All three functions cover all banking activities in general and key risk areas in particular. The Board's Audit & Compliance Committee reviews audit reports periodically and particularly where significant violations to the applicable regulations, prescribed policies and procedures have occurred. The Board's Audit & Compliance Committee ensures the implementation of regulations, policies and procedures through all Bank departments aimed at mitigating identified risks and safeguarding the interest of the Bank and its shareholders.

While the Board's Audit & Compliance Committee oversees and reviews the Bank's compliance policies and their implementation, the Group Compliance department which reports to the Group Chief Risk Officer, is responsible for advising and monitoring compliance with local regulatory requirements. Compliance with anti-money laundering procedures and internal training in such procedures is also developed and administered by the Group Compliance department.

The Bank's internal controls over financial reporting comprise processes designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with accounting principles. The Bank's internal controls over financial reporting include policies and procedures that (i) are designed to ensure maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Bank; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles, and that receipts and expenditures of the Bank are being made only in accordance with authorizations of management and directors of the Bank; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Bank's assets that could have a material effect on the financial statements. Internal controls are designed to ensure that adequate independent internal checks and balances exist in keeping with the maker-checker or four-eye principle and that the oversight roles are embedded in areas reporting independently to non-originating areas.

The Bank's internal control system has been designed to provide reasonable assurance to the Bank's Board of Directors and shareholders. All internal control systems, no matter how well designed, have inherent limitations and they may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with the policies or procedures may deteriorate.

However, improvement of control activities is an ongoing process at ADCB that includes identification, evaluation and management of significant risks faced by the Bank.

Audit Arrangements

An external auditor is appointed annually by shareholders on the recommendation of the Board of Directors.

The scope of the audit is agreed between the Audit & Compliance Committee and the auditor. Any additional work proposed to be performed by the external auditor is reviewed by and approved by the Audit & Compliance Committee on an item-by-item basis, as and when it surfaces. The Terms of Reference of the Audit & Compliance Committee specify the nature and scope of the external auditors' work. The Bank has complied with local rules and regulations as well as international best practices governing the appointment of and carrying out of non-audit work by the auditor.

The Board's external auditor selection policy and the Bank's articles of association include measures to ensure the ongoing independence of the Bank's external auditor. The Bank has adopted a policy on rotation of its external auditors which complies with the UAE Commercial Companies Law and the ADAA Statutory Auditors Appointment Rules issued on 28 September 2014 (the "SAAR"). The SAAR stipulates that the Bank is required to appoint new external auditors every 3 years.

  • No audit firm may be appointed for more than 3 consecutive years without shareholders' approval.
  • No individual audit partner may be responsible for the audit for more than 3 consecutive years.
  • The Committee will make recommendations on the rotation of the external audit firm, or of the partner of the firm in charge of the Bank's audit, to ensure the independence of the external auditors.
  • Without the consent of the Committee, the external auditor may not carry out any additional work for the Bank, which is not part of the audit program.

The external audit partner attends meetings of the Audit & Compliance Committee by invitation and, if so required, attends the Board meetings when the annual and quarterly reports are approved and signed, and otherwise when needed. The Audit & Compliance Committee also periodically meets separately with the Bank's internal auditors and the auditor in the absence of management.

Click here to view the External auditor policy, revised in 2015.

Internal Audits

The internal audit group (IAG) is responsible for the evaluation of the Bank's risk management, control and governance processes. The IAG also oversees and conducts the Bank's internal audit function.

The IAG is responsible to ensure that all transactions undertaken by the Bank are conducted in accordance with the Bank's internal procedures, and in compliance with applicable legal and regulatory requirements, thereby minimising the risk of fraudulent, improper or illegal practices. The IAG performs its function in accordance with a risk-based audit methodology.

In carrying out its audit activities and responsibilities, members of the IAG have unrestricted access to all of the Bank's records (either manual or electronic), assets, physical properties and personnel, relevant to the audit.

Although the IAG conducts audits on all of the Bank's units, the frequency of internal audits carried out with respect to each of the Bank's units depends on the inherent risk of that unit and its related control risk evaluation. All audits are conducted in accordance with the annual audit plan, which is approved by the Audit & Compliance Committee, and which may be broadened, as circumstances require.

The Group Chief Internal Auditor functionally reports to the Audit & Compliance Committee and to the Group Chief Executive Officer on administrative and day-to-day matters.

Regulation and Supervision

The Bank is subject to four main sources of regulation and supervision:

  • The Central Bank - the Central Bank provides prudential supervision of banking activities. Monitoring by the Central Bank is undertaken by way of regular inspections of banks and their records and the requirement for regular submission of data including credit data and anti-money laundering measures.
  • UAE Federal Laws, including the Federal Law No.2 of 2015 Concerning Commercial Companies, as administered by the Ministry of Economy and the Department of Planning and Economy, in addition to any other local regulatory authorities of the Emirates.
  • As a listed company, the Bank is subject to the rules and regulations enforced by the Emirates Securities and Commodities Authority and the markets upon which its shares and debt are listed, including the ADX, the London Stock Exchange, the Irish Stock Exchange, the Luxembourg Stock Exchange and the Swiss Stock Exchange.
  • As an Institution in which the government of Abu Dhabi's share is not less than 50%, the Bank is subject to audits by Abu Dhabi Accountability Authority.