AUDIT SUMMARY

Internal auditors typically issue reports at the end of each audit that summarize their findings,
recommendations, and any responses or action plans from management. An audit report may
have an executive summary—a body that includes the specific issues or findings identified and
related recommendations or action plans, and appendix information such as detailed graphs
and charts or process information. Each audit finding within the body of the report may contain
five elements, sometimes called the "5 C's":

1. Condition: What is the particular problem identified?

2. Criteria: What is the standard that was not met? The standard may be a company policy
or other benchmark.
3. Cause: Why did the problem occur?
4. Consequence: What is the risk/negative outcome (or opportunity foregone) because of
the finding?
5. Corrective action: What should management do about the finding? What have they
agreed to do and by when?
The recommendations in an internal audit report are designed to help the organization achieve
effective and efficient governance, risk and control processes associated with operations
objectives, financial and management reporting objectives; and legal/regulatory compliance
objectives.
Audit findings and recommendations may also relate to particular assertions about
transactions, such as whether the transactions audited were valid or authorized, completely
processed, accurately valued, processed in the correct time period, and properly disclosed in
financial or operational reporting, among other elements.
Under the IIA standards, a critical component of the audit process is the preparation of a
balanced report that provides executives and the board with the opportunity to evaluate and
weigh the issues being reported in the proper context and perspective. In providing
perspective, analysis and workable recommendations for business improvements in critical
areas, auditors help the organization meet its objectives.
Quality of Internal Audit Report

 Objectivity - The comments and opinions expressed in the Report should be

objective and unbiased.
 Clarity - The language used should be simple and straightforward.
 Accuracy - The information contained in the report should be accurate.
 Brevity - The report should be concise.
 Timeliness - The report should be released promptly immediately after the audit is
concluded, within a month.

[Type here]
Summary of the Audit Activity

Introduction
To establish corporate governance in Tejarat Bank in accordance with the directives of Central
Bank of the Islamic Republic of Iran and in the internal controls guideline for accepted
publishers in Tehran stock exchange and Iran OTC market, the bank's internal audit activity
charter was approved by the Board of Directors in December 2014 and will be binding since the
date of approval.

The purpose, organizational position and scope

Internal auditing is an independent objective assurance and consulting activity designed to add
value and improve operations. Internal audit systematic approach will help to achieve the
objectives of the bank to evaluate and improve the effectiveness of governance processes, risk
management and internal controls. In order to preserve the independence and objectivity,
internal auditors will have the proper organizational position and the ability to work according
to professional standards.
In order to maintain and improve professional independence, executive powers of the internal
audit unit delegate directly by the Board of Directors, Audit Committee or the Director of the
Bank. The Board gives full, free, and unrestricted authority to the internal audit unit in order to
carry out professional duties and responsibilities in terms of access to documents, staff,
processes and activities of the bank. Any prevented from carrying out of this authority is a
violation if it’s unjustified.
The Board knows all of employees responsible and responsive for timely provision of
documents and the correct information to internal audit. Internal auditors must also treat
completely confidential by information and documents according to their position to have
access, and they must observe requirements secrecy, rules, regulations and laws in their
mission place. The scope of internal audit covers all of activities, the risks of banking and
outsourcing activities.

Mission

The main mission planned for internal audit is evaluation of the internal control system of the
bank in terms of design, proper usage and its effectiveness in various areas, as follows:
• Evaluating internal controls;
• Operational audit;
• Audit management;

[Type here]
Reporting

[Type here]
[Type here]
• Points contained in the draft of internal audit report share with the relevant manager or
managers and a copy of it gives to the CEO.
• Sending the final report of the internal audit to concerned units will be subject to review by
the Audit Committee.
• A summary of the audit mission and follow-up corrective actions give to the committee and
the committee will be sent them to the CEO and board of directors.

Responsibilities

• Codifying flexible annual internal audit plan and offering it to the Audit Committee for review
and approval;
• Carrying out approved annual plan, including any tasks or requested projects by the Board,
CEO and Audit Committee;
• Giving reports of the planned investigations to the Board, CEO and Audit Committee;
• Collaborating and communicating with independent auditors in order to optimize the bank’s
audit

[Type here]