Maybank's Audit Committee meets on a scheduled basis at least once a month. The Chief Operations Officer (COO) and the Chief Audit Executive (CAE) are invited to attend the meetings. In addition, the External Auditors are also invited to attend meetings to discuss matters such as the year end audited financial statements, management letters and other matters deemed relevant.

Apart from the scheduled meetings, the members of the Audit Committee will conduct one-to-one sessions with the External Auditors in private without the presence of the Management, as required.

COMPOSITION AND TERMS OF REFERENCE

Composition

1. The Chairman and the Audit Committee members shall be non-executive directors and at least one (1) member of the committee must be:-

• a member of the Malaysian Institute of Accountants (MIA); or
• if he is not a member of the MIA, he must have at least three (3) years working experience; and (i) he must have passed the examinations specified in Part I of the First Schedule of the Accountants Act, 1967; or (ii) he must be a member of one (1) of the association of accountants specified in Part II of the First Schedule of the Accountants Act, 1967.

2. Where the Chairman is unable to attend the meeting, the members shall elect a person among themselves as Chairman.

3. Review of membership is undertaken once every three (3) years. This review pertains to the terms of office and performance of the members.

Quorum

The quorum shall be three (3) with majority to be independent directors.

Authority

The ACB is empowered by the Board to carry out the following:-

1. Investigate any activity or matter within its terms of reference.

2. Promptly report to Bursa Malaysia Securities Berhad (“Bursa Securities”) matters which have not been resolved satisfactorily, thus, resulting in a breach of the Bursa Securities Listing Requirements.

3. Obtain external independent professional advice, legal or otherwise, deemed necessary.
4. Maintain direct communication channels with external auditors, person(s) carrying out the internal audit function or activity, and with senior management of the Bank and its subsidiaries.
5. Convene meetings with internal and external auditors, without the attendance of the management, whenever deemed necessary. In discharging the above functions, the ACB has also been empowered by the Board to have:-

• Necessary resources which are required to perform its duties.
• Full and unrestricted access to any information and documents relevant to its activities.

DUTIES AND RESPONSIBILITIES

The primary duties and responsibilities of the ACB with regards to the Maybank Group’s Internal Audit function, external auditors, financial reporting, related party transactions, annual reporting and investigation are as follows:-

Internal Audit

• Review the adequacy of the internal audit scope and plan, functions and resources of the internal audit function, Internal Audit Charter and that it has the necessary authority to carry out its work
• Review the internal audit reports to evaluate the findings of their work and to ensure that appropriate and prompt remedial action is taken by Management on lapses in controls or procedures that are identified.
• Approve the appointment or termination of the Chief Audit Executive and Heads of Department of Internal Audit.
• Assess the performance of the internal auditor, determine/approve the remuneration and annual increment of the internal auditor.
• Take cognisance of resignation of internal audit staff and the reason for resigning.

External Audit

• Review the appointment and performance of external auditors, the audit fee and any question of resignation or dismissal and to make recommendations to the Board.
• Assess the qualification, expertise, resources and effectiveness of the external auditors.
• Monitor the effectiveness of the external auditors’ performance and their independence and objectivity.
• Review the external auditors’ audit scope and plan, including any changes to the scope of the plan.
• Review major audit findings raised by the external auditors and Management’s responses, including the status of previous audit recommendations.
• Review the assistance given by the Group’s officers to the external auditors and any difficulties encountered in the course of the audit work, including any restrictions on the scope of activities or access to required information.
• Approve non audit services provided by the external auditors.

Financial Reporting

Review the quarterly and year-end financial statements focusing on:-

• any changes in accounting policy and practices
• significant and unusual events, and
• compliance with applicable Financial Reporting Standards and other legal and regulatory requirements.

Related Party Transactions

Review any related party transactions and conflict of interest situations that may arise within the Bank or Maybank Group including transactions, procedures or courses of conducts that may raise questions of Management’s integrity.

Annual Report

Report the Audit Committee’s activities for the financial year.

Investigation

Instruct the conduct of investigation into any activity or matter within its terms of reference.

Other Matters

Other matters as the Committee considers appropriate or as authorised by the Board of Directors.

INTERNAL AUDIT FUNCTION 

The Group has a well established in-house Internal Audit (IA) to assist the Board of Directors to oversee that Management has in place a sound risk management, internal control and governance system. 

The internal audit function is guided by its Audit Charter and reports functionally to the ACB of the Bank and administratively to the President & Chief Executive Officer, and is independent of the activities or operations of other operating units. The principal responsibility of IA is to undertake regular and systematic reviews of the systems of internal control, so as to provide reasonable assurance that such systems continue to operate efficiently and effectively. The scope of coverage of IA encompasses all units and operations of the Bank, including the subsidiaries. The selection of the units to be audited from the audit universe leading to the formulation of the audit plan is premised on a risk based approach and it is the responsibility of the IA to provide the ACB with an independent and objective report on the state of affairs of the risk management, internal control and governance processes.

The internal audit function for Maybank operations and its subsidiary companies in Malaysia and Papua New Guinea is organised on a Group basis within Maybank. Technical support in the areas of credit risk, market risk, information technology systems and developmental initiatives are centrally driven to ensure consistency of standards and applications. The ACB reviews and approves Maybank IA’s human resource requirements to ensure that the function is adequately resourced with competent and proficient internal auditors. The internal audit functions for the respective subsidiary companies in Philippines and Indonesia are organised and supported by the respective resident internal audit teams with direct accountability to the respective Board Audit Committees of these subsidiary companies.

The audit reports which provide the results of the audit conducted in terms of the risk management of the unit, operating effectiveness of internal controls, compliance with internal and regulatory requirements and overall management of the unit, are submitted to the respective ACB for their review. Key control issues, significant risks and recommendations are highlighted, along with Management’s responses and action plans for improvement and/or rectification, where applicable. This enables the ACB to execute its oversight function by forming an opinion on the adequacy of measures undertaken by Management.

The International Standards for the Professional Practice of Internal Auditing (SPPIA) of the Institute of Internal Auditors (IIA), the Practice Advisories issued by the IIA, the Guidelines on Internal Audit Functions, Bank Negara Malaysia’s Garis Panduan 10 (GP10), Garis Panduan Insurance 13 (GPI 13) and Guidelines on Management of IT Environment (BNM/GPIS1) are used where relevant as authoritative guides for internal auditing procedures.