Internal Audit
The activities of the Bank’s Internal Audit Department are based on the International Framework for the Professional Practice of Internal Auditing and are carried out in accordance with the principles of independence, impartiality, honesty, objectivity and professional competence.
The mission of the Internal Audit Department is to provide the services necessary to assist the Board of Directors and the Management Board of the Bank in fulfilling their responsibilities in achieving the Bank’s strategic goals.
The main purpose of the Internal Audit Department is to provide the Board of Directors with independent reasonable assurance and advice aimed at improving the Bank’s operations and enhancing the effectiveness of risk management, internal control and corporate governance.
The Internal Audit Department is an independent structural unit and functionally reports to the Board of Directors and administratively to the Management Board of the Bank. The activities of the Internal Audit Department are supervised by the Audit Committee of the Board of Directors. The Head and employees of the Internal Audit Department are appointed by the Board of Directors.
In 2024, the headcount of the Internal Audit Department was 13 employees. The Head of the Internal Audit Department holds an international CIA (Certified Internal Auditor) internal audit certificate. Internal auditors undertake continuous professional development on an ongoing basis and hold the Diplomas of Certified Professional Internal Auditors issued by the UK Institute of Financial Managers (DipPIA and DiPCPIA).
The main tasks and functions of the Internal Audit Department are:
- assessing the reliability and efficiency of the internal control system and risk management system;
- assessing the efficiency of corporate governance and compliance with ethical standards and values;
- assessing the sufficiency and efficiency of actions taken by the Bank’s structural units to achieve their tasks within the framework of the Bank’s strategic goals;
- assessing the reliability of the functioning of the internal control system for the use of automated information systems;
- providing advice to the Executive Body and structural units of the Bank on improving internal control processes, risk management and corporate governance.
All planned audit tasks for 2024 were completed in full. Significant problems identified as a result of audits are related to the human factor, which resulted in the following key risks: incomplete compliance of the Bank’s internal documents, processes and/or procedures with the requirements of regulatory legal acts of the Republic of Kazakhstan (hereinafter, the RLA), incorrect and/or untimely entry of data into information systems, incomplete compliance with the requirements of the Bank’s internal documents.
The main actions taken by the Bank to minimize these risks and problems included automation of business processes and technical improvements to the Bank’s information systems, bringing the Bank’s internal documents into compliance with the requirements of the RLA, conducting briefings and training with the Bank’s employees, as well as applying disciplinary actions to the Bank’s employees who committed violations.
In 2024, an external comprehensive audit was conducted to assess the Bank’s information technology and information security systems for compliance with regulatory requirements, the COBIT 2019 methodology, and ISO 27001 standards. Based on the results of the audit, the effectiveness level of the Bank’s IT control processes, according to the main criteria of the international COBIT 2019 methodology, was assessed at a fairly high level – 95 % (corresponding to an “adequate” rating).
In 2024, an external evaluation of the Bank’s corporate governance was conducted in accordance with the criteria set out in the Corporate Governance Evaluation Methodology of Otbasy Bank JSC. According to the results, the level of compliance was also evaluated at a fairly high level – 95.4 % (corresponding to an “adequate” rating). The approved Methodology includes the evaluation of the Bank’s ESG policies and practices.
Annual risk-based audit plans are reviewed and approved by the Board of Directors.
In the performance of its functions, the Internal Audit Department confirmed its independence to the Board of Directors.