As established by the GPF Board of Director, the Internal Audit department with internal control, risk management, and governance responsibilities must receive the policy guidance and formally direct report to Audit Committee. According to the Audit Committee Charter, the Audit Committee plays a key role to perform an oversight function by ensuring that the Internal Audit Department is independent and conforms the International Standards for the Professional Practice of Internal Auditing as well as Code of Ethics for internal auditing. In addition, as a government agency, the GPF is required to comply with the Ministry of Finance’s regulations on standards and guidelines of internal audit for government agencies B.E. 2561 (2018). The core objective of such regulatory framework is to enable government agencies, including the GPF, to accomplish their organization’s goals by implementing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The Board of Directors provides a channel available for stakeholders to file a complaint, or report the issues regarding an incident of fraud, illegal practices, financial reporting inappropriateness, or internal control breakdown or any other issues concern. This information can be submitted directly to the Chairman of the Audit Committee. The results of the investigation concerning allegations will then be presented to The Board of Directors. It is acknowledged that all information of those complainants or whistleblowers will be kept confidential and not to be disclosed to prevent any right infringement.
(Please kindly provide detail finding, witness or any supporting evidence)
Internal auditing is the process involving in an independent, objective assurance service as well as consulting service designed to add value and contribute to the improvement of an organization’s operations. Internal audit is a dynamic engagement, helps supporting an organization to achieve their objectives by evaluating and enhancing the effectiveness of risk management, control, regulatory compliance, and governance processes using a systematic and disciplined approach.
The Board of Directors has established an organizational structure by placing the Internal Audit Department directly report to Audit Committee and receive overall policy guidance from the audit committee. At the same time, the internal audit department also reports to the GPF Secretary General for administrative supervision. This arrangement encourages the internal audit authorities to pursue independent and objective assurance to the management in compliance to international standards and legal frameworks. Providing that the internal audit will gain a highly reliable trust from related parties including the executives and stakeholders.
The Internal Audit Department will develop the internal audit plan and submit to Audit Committee for review and approval. In developing the plan, the internal auditors conduct an organization-wide risk assessment. The assessment allows internal audit to systematically evaluate the internal control system in terms of its efficiency and effectiveness based on the COSO Internal Control framework and COBIT framework for IT Governance to perform an integrated and continuous audit. Such procedure is contributed to reduce risks associated with operations, IT management, and fraud. In addition, since internal audit must possess the knowledge, skill and other competencies needed to perform their individual responsibilities, GPF encourages internal auditors to develop their competencies through training and practices, as well as support the team to add the CIA credential by earning an internal auditor and IT auditor certificates.
Every year internal audit department submits an annual audit plan to the Audit Committee for review and approval. Internal audit department has the responsibility to conduct audits and prioritize of all departments and activities which covering a wide range of risk assessments including fraud risk. However, the plan may be amended during the year in response to significant change of relevant risk. For internal audit procedure in each individual engagement, it typically consists of assessment of the adequacy of effective control process, communicate and report to executives and Audit Committee as well as the implementation of audit recommendations and follow up on the action taken in appropriate way.