Terms of Reference for Outsourced Internal Audit
home / Career Opportunities / Terms of Reference for Outsourced Internal Audit



I. Introduction

These Terms of Reference (TORs) provide the basic information needed to obtain an understanding of the engagement, in order to plan and perform an internal audit. The auditors require an appreciation of the environment and the governance framework of the St. Lucia Development Bank (SLDB) as guided by the SLDB Act No. 12 of 2008 and the Financial Services Regulatory Authority (FSRA) Guidance Notes.  As per the SLDB Act No. 12 of 2008 the main functions of the SLDB is to mobilise and provide finance for and promote and facilitate the expansion and strengthening of the economic development of Saint Lucia.

The SLDB is governed by a Board of Directors consisting of various committees that provide oversight in the management of its affairs.  Funding for the operations of the Board are from the Government of Saint Lucia as well as regional and international funding agencies including the Caribbean Development Bank (CDB) and the World Bank.

To date the internal audit function at the SLDB is being provided by the Risk Department under the supervision of the Audit and Governance Committee.  The intention of the SLDB is eventually to establish a permanent internal audit department. In the interim, SLDB intends to outsource this function to an external firm in order to comply with the regulatory requirements which govern the organization and to receive advice on how the permanent function can be established. These services are being outsourced for the first time.

II. Relationships and Responsibilities

The Client is the SLDB, and the World Bank is an interested party. The Government of St. Lucia-Department of Economic Development, Transport and Civil Aviation, Project Coordination Unit will facilitate and supervise the selection process of the internal auditor. A World Bank representative may participate in the entrance and exit conferences; supervise the work performed by the auditors to ensure that it complies with the terms of reference and the applicable auditing standards, and provide comments on the draft audit report.

Responsibilities of Internal Auditor
Several committees are appointed by the SLDB Board to provide oversight. “An Audit and Governance Committee” is the principal committee responsible for defining the functions of the internal audit.  Further, Section 23 (2) of the SLDB Act provides for the functions of an Internal Auditor as follows:

“The Internal Auditor shall be responsible to Board for:

a) Monitoring all financial transactions of the SLDB to assess compliance with the established policies;

b) Reviewing the internal controls established by management; and

c) Assessing and reporting on areas of real or potential risk, including fraud risks, governance issues, and other matters that require the attention of senior management and the board to the Bank; and

d) shall report and make recommendations of its findings to senior management the Board”.

Also, Further to Financial Services Regulatory Authority’s SLDB Guidance Notes 5.3.1, the duties of Internal Auditor  shall be as follows:

a) Appraise the policies and operating procedures of the SLDB and make recommendations to the Board;

b) Attest that the semi-annual Management accounts are filed in compliance with A1, which states that the SLDB is required to file semi-annual Management accounts with the FSRA within two (2) months of the end of a six month period, along with a written declaration certifying, to the best of knowledge and in all reasonableness, that the management accounts represent a true and fair view of the financial position of the bank.

c) Determine periodically but not less than once per semi-annum, whether the provisions of the SLDB Act No. 12 of 2008, FSRA Guidance Notes and the relevant policies have been complied with–

i. In making loans, including loans to officials, business loans and loans to organisations, associations and corporations,

ii. In the administration of depositors’ accounts,

iii. In the maintenance of the minutes of meetings of the board and other Committees.

d) Receive and investigate any complaints made by depositors about management of the SLDB;

e) Monitor the management of the SLDB

f) Identify areas of noncompliance in the operations of the SLDB and the SLDB Act No. 12 of 2008, and Guidelines; and

g) Verify the assets of the SLDB and monitor whether the assets are properly protected.

In the addition to the above responsibilities, the internal audit must include:

  • Coordination of overall audit activity.
  • Advice, as appropriate, on the adequacy of controls incorporated in accounting and internal control systems.
  • Investigating independently or jointly with management as considered necessary, and reporting upon, irregularities reported to Internal Audit under financial management regulations.
  • Report on and give advice on fraud control, governance, risk management, safety and security and other related areas of focus determined by the SLDB Board.
  •  Liaise as necessary with other internal and external oversight agencies e.g. external auditors and inspectors.
  • Such work to be agreed by the SLDB Management and not to be to the detriment of achieving the Internal Audit’s prime responsibility or its independence.
  • The Internal auditors should maintain on file adequate working papers for a period of three years after the end of the audit. During this period, the Internal auditors should promptly provide the working papers requested by the SLDB.
  • SLDB is currently designing a Core Banking System to be procured and implemented in 2021.  Identify any control issues that could arise through its implementation
  • Identify potential areas for training and capacity building

III. Audit Requirement
The SLDB Act No. 12 of 2008 and FSRA Guidance Notes makes provision for the internal audit functions. The services of the Internal Auditor are to be provided to SDLB for one (1) year in the first instance with a minimum of two semi-annual reviews.

The services are to include the Youth Enterprises Fund (YEEF) as well. The Youth Enterprises Equity Fund Inc. (YEEF) was incorporated under the Companies Act Cap 13.01 of the Revised Laws of Saint Lucia 2001 on February 23, 2010 and commenced operations on March 22, 2011.  Its principal activity is the provision of equity funding to young entrepreneurs between the age range of 18-35 in Saint Lucia.  The YEEF is a wholly owned subsidiary of the Saint Lucia Development Bank with intial captial of EC$5 million and its registered office is located at #4 Bridge Street, Castries.

IV. Audit Objectives and applicable standards

The objective of the internal audit engagement is to provide an independent, objective assurance to add value and improve the SLDB’s operations. It is intended to help the SLDB accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. This objective is achieved by examining, evaluating and reporting on the adequacy of the SLDB’s control environment via a number of individual audit assignments. Based on this work, advice and recommendations will be made where necessary, as to how procedures can be improved to manage the risks faced in achieving SLDB’s objectives.

Auditing Standards
Internal Audit is required to comply with the International Standards for the Professional Practice of Internal Auditing whose purpose is to:

a) Delineate basic principles that represent the practice of internal auditing as it should be;

b) Provide a framework for performing and promoting a broad range of value-added internal audit activities;

c) Establish the basis for the evaluation of internal audit performance; and

d) Foster improved organizational processes and operations.

Given the significant growth of the SLDB over the past six years and changes in international accounting standards and auditing norms, the internal audit engagement is with the objective of strengthening the institutional capacity of the SLDB.  Such recommendations should assist the SLDB in identify areas for improvement to allow for securing additional lines of credit to compliment current resources. In addition, most of the international agencies require an internal audit function to be in full effect as a condition precedent for approval and disbursements for lines of credit.

V. Scope of the Audit and Deliverables
The Scope of the Internal Audit Services is based on the requirements of the SLDB Act No. 12 of 2008, FSRA Guidance Notes and the prescribed functions of the Internal Auditor. The key deliverable is performing the functions of the Internal Auditor and providing the Board with a report on the activities undertaken along with any recommendations.

The internal audit must include adequate planning, evaluation and testing of the internal control structure and systems and obtaining sufficient objective evidence to allow the auditors to reach reasonable conclusions on which to base their recommendations. In conducting their work, the auditors should pay special attention to the following requirements: Staffing arrangements and operating procedures, systems and governance arrangements.

Internal Audit Plan
A risk-based Internal Audit Plan of activities to be performed shall be prepared by the Internal Audit firm and be submitted to the SLDB Board for approval. In formulating the plan, the Internal Audit firm will consult with internal and external stakeholders to determine the extent, scope and risks associated with activities to be reviewed and to ensure proper audit coverage avoiding duplication of effort.

The Plan will be a broad outline of the strategy to be adopted by the Internal Audit firm in order to meet audit objectives. Identification and prioritization of auditable areas are to be based on the following factors:

  • Significance to achieving project objectives
  • The outcome of project risk assessments
  • Materiality
  • Risk management, performance management and other assurance processes in place
  • Importance in terms of sensitivity and public accountability
  • Coverage, timing and outcome of previous internal or external audit and related reviews.

Audit Reports
The Internal Audit firm will issue a report following each audit undertaken, providing a clear audit opinion and conclusions as to the adequacy of control in the light of assessed risk, and making recommendations/recording action agreed. Interim reports will be issued where audit input is prolonged by the nature of the work or there is a need for urgent action prior to the completion of the audit.

The management of SLDB will facilitate the conduct of the audit and to reply to the report within two weeks of the date of issue. The reply must state the proposed actions taken and associated timeframe.

SLDB’s Management will be responsible for monitoring the implementation of recommendations/agreed actions of a high priority and providing feedback to the Internal Audit firm.

The Internal Audit firm will check the implementation of particularly significant recommended/agreed actions, via a formal follow-up process. A monthly briefing will be held to discuss the internal audit process and status on completed and ongoing audit activities. A quarterly progress report will be issued to the Board, including details of reports issued in the period, replies outstanding and audit opinions on each assignment. The Board will seek assurances that appropriate management action is being taken in line with any agreements or audit recommendations made.

The Internal Audit reports should contain at least:

  • Appropriate communication in the form of a report on internal control to those charged with governance and management of deficiencies in internal control that the auditor has identified during the audit and that, in the auditor’s professional judgment, are of sufficient importance to merit their respective attention including the adequacy of the internal control structure of the SLDB.

The audit report on the internal control structure for the SLDB. The report should disclose, among others information discussed in the Guidelines, the reportable conditions (those that have an impact on the financial statements), including the identification of material weaknesses in the internal control structure of the SLDB.

In addition, the report should include:

  • A title page, table of contents, a transmittal letter to the SLDB
  • A summary of the main audit procedures performed for planning the audit, evaluating the internal control structure, and for evaluating compliance with the terms of the applicable agreements, laws and regulations.
  • Written representation from the management in the form of a representation   letter. In the letter, management should indicate that they believe that they have fulfilled their responsibility in allowing access and furnishing all documents for completeness of the information provided to the auditor. In addition, management, should provide written representation that it has communicated to the auditor all deficiencies of an internal control nature for which management is aware including the follow-up of recommendations made in prior audits, indicating the status of the recommendations as corrected, partially corrected, or not corrected. The deficiencies that are outstanding to be corrected should be reported in the current audit report, along with the corresponding management’s comments.
  • A written management letter from the auditors with a summary of all the audit findings and relevant items per the auditors’ professional judgement in accordance with the IIA’s. The audit findings are to be categorized by risk severity: High, Medium, or Low.

The Internal Audit firm shall issue its reports in accordance with IIAs, 2010, 2020, 2060, 2450. The reports shall be issued in English and should be addressed and delivered to the SLDB. The final report, duly signed and bound, supported by 10 (ten) copies.

VI. Inspection and Acceptance of the Audit Work and the Reports
The SLDB is responsible for inspecting and accepting the audit reports and the auditor’s quality control procedures. If the report is not acceptable or not fully satisfactory due to deficiencies in the audit work or because the report does not comply with the requirements stated in these TORs the auditor shall perform the necessary additional work at no additional cost to the SLDB.

Also, the representative of the SLDB may contact the auditors directly to request any additional information related to any aspect of the audit.

The Internal Audit firm will include within the Audit Manual a process for producing working papers to act as evidential support to reports. They will cover (i) planning of the audit; (ii) risk assessments; (iii) procedures applied, information obtained, and conclusions drawn; (iv) quality assurance reviews; (v) reporting; and (vi) post-implementation reviews of recommendations.

Relationship with External Audit
The Internal Audit firm will liaise with the project’s external auditor to promote a co-operative and professional working relationship; co-ordinate overall audit effort; avoid duplication of work and share appropriate information.

Quality Control
The Internal Audit firm will make appropriate arrangements to ensure it is adequately staffed and resourced to effectively respond to SLDB’s specific issues and fully implement the Internal Audit Plan.  They will also make arrangements for internal quality assurance reviews in compliance with professional practice standards.

The SLDB Board shall oversee the overall performance of the Internal Audit firm as part of its mandate.

The Internal auditors should possess the basic necessary skills and competencies necessary to carry out the audit. The internal audit must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.  The internal audit must also evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the:

–  Reliability and integrity of financial and operational information;

–  Effectiveness and efficiency of operations;

–  Safeguarding of assets; and

–  Compliance with laws, regulations and contracts

The Internal Audit will conduct entrance and exit conferences with the SLDB. During the exit conference, the Internal Auditor will give a presentation on the audit report findings and highlight how the SLDB internal audit function should be maintained moving forward.

The internal auditors should be cognizant that all documentation (i.e. workpapers) used during the audit should remain confidential and is proprietary property of the SLDB.

The internal auditor should plan the audit work so that preliminary reviews can be conducted during the period under review (including the first few months), with the purpose of evaluating the systems of internal control and communicating to the SLDB in a timely manner any situations that merit the attention of management before the issuance of the final audit report.

Communicate deficiencies in internal control to those charged with Governance and management in accordance with IIA’s 2020.

VII. Reporting deadlines
The auditor will issue the draft report within ten (10) working days after each semiannual audit cycle and the final audit report five (5) working days after SLDB management’s reply on the draft report’s finding. Specific Dates on reporting deadlines will be mutually agreed with the Internal auditor and the SLDB at audit planning stage.

Qualification Requirements for shortlisting

  • The audit firm should be registered and have operations in St. Lucia.
  • The Firm should have affiliation/membership with an internationally reputed audit firm.
  • The audit firm must be completely impartial and independent from all aspects of management or financial interests in the entity being audited.
  • The audit firm is required to disclose any relationship that might possibly compromise its independence.
  • The audit firm should be experienced in applying IIA’s audit standards for the internal audit.
  • Experience with a similar assignment, that is, auditing entities comparable in size and complexity to the SLDB.
  • The Firm shall propose a team with the appropriate professional qualifications and suitable experience in IIA’s audit standards,
  • Key Experts include audit manager, supervisor, two senior auditors /principals that would be responsible for the audit field.
  • CVs should include details on audits carried out by the applicable staff, including on-going assignments indicating capability and capacity to undertake the internal audit.