1
Responsible for the governance of third line of defence
2
Ensure that there is a dedicated internal auditor at the AMC level for audit of the RMF of the AMC.
3
Ensure that the internal auditor reviews both the scheme-level and AMC-level risks
4
Ensure that the non-compliance rate is documented as part of internal audit reports
5
Ensure that the internal auditor submits the internal audit report (incl. non-compliance rate) to the audit committee of the AMC and the board of the AMC
6
Ensure that the internal audit report comprises a rectification index, which represents a comparison of the non-compliance rate between two subsequent audit reviews.
7
For the relevant functional risks, identify, analyze, report and escalate the following to the CRO and CEO, along with a recommended action plan: early warning signals, emerging risks, major findings, near-miss and loss events, and fraud incidents.
8
Formulate and review the RCSA for key risks and controls and periodically provide inputs to update the RCSA for the Internal Audit function.
9
Responsible for the governance (incl. reputation and conduct risk associated with the respective function)
10
Maintain the risk level as per the risk metric
11
Define specific responsibilities regarding risk management of key personnel reporting to Head – Internal Audit
12
Undertake immediate corrective action for any non-compliance or major finding, post approval from the CEO as per the DoP, and report to the CRO regarding the risk reports.
13
Perform adequate due diligence of outsourced vendors prior to onboarding by function
14
Ensure periodic assessment of outsourced vendors considering the following elements:
- Review of vendors' people, systems and processes
- Documentation and communication of error tolerance and code of conduct and monitoring breaches
- Monitor fraud vulnerabilities in the outsourced process
- Report SLA breaches