P.
17
2018 Pillar 3 Disclosures
Risk Management
undertaking of its functions, for which it has unrestricted access to all the areas, departments
and employees, physical or computer activity records, and in general all repositories holding
physical or digital documentation that are necessary to carry out its activity.
The objectives of Internal Audit are as follows:
•
Assess internal control systems and procedures designed by the bank to adapt, measure,
monitor, and control risks deriving from activities and verify that they are adequate and
effective.
•
Assess accounting, data processing, and information systems.
•
Assess control systems and procedures for safeguarding assets.
•
Examine the systems and procedures established to ensure compliance with the applicable
regulations.
•
Examine the reporting of information.
•
Prove compliance with standards, policies, and established procedures.
•
Monitor second-level control units, including Standards Compliance, the Operational Risk Unit,
Internal Control, and the Risk Department.
•
Inform senior management, in good time and appropriately, of the results of the reviews and
activities undertaken.
•
Keep the Audit Committee constantly informed of any issues that could imply an increase in
risk with regard to that approved by the Board of Directors.
•
Verify compliance with the methodologies used according to that approved by the Board of
Directors.
•
Audit of the technological environment and risk applications.
Internal Audit publishes reports including an assessment of the work carried out in these fields,
as well as recommendations they consider necessary to resolve any identified incidents and
an expected resolution date. Similarly, Internal Audit carries out ongoing monitoring of the
recommendations, with the aim of checking that they have been properly implemented.
2 | 2.2