The Commercial Companies Law makes it mandatory for various forms of companies to have auditors. While the appointment of an external auditor is mandated in respect of a limited liability company if the company has ten or more partners or a capital of over OMR 50,000 or if the partners representing at least one-fifth of the capital require it, joint stock companies are generally required to have both external and internal auditors.
An internal auditor or a team of internal auditors as employees of the company report to the highest tier of management and provide independent and objective evaluation of the company’s financial and operational framework and practices with the aim to bring in a systematic and disciplined approach to improving the overall operational efficiency of the company. Publicly traded companies mostly have internal auditing teams to evaluate both compliance within the company’s internal structure and external regulatory and other compliance.
Under the Capital Market Authority (the “CMA”) regime, pursuant to Administrative Decision 6/02, an internal auditor of a public company is accountable primarily for the following:
- Reviewing the internal controls and compliance procedures
- Evaluating the adequacy and effectiveness of internal administrative, accounting and financial processes and the quality of operating performance
- As part of risk management, recommending ways and means to secure the assets of the company
Reviewing operational processes for the establishment of compliance policies, procedures and internal regulations. - Establishing and maintaining a quality assurance program to evaluate the operations of the internal auditing department and ensuring compliance with international standards for internal auditing
- Reviewing and ensuring the reliability and integrity of information and timely submission of the statutory and other reports and financial statements
- Preparing written audit reports on the results of all audit engagements
- Auditing capital projects
- Promoting awareness of risk management issues and ensuring that board members and employees are informed of the legal prerequisites, government guidelines, code of conduct and ethics and internal regulations.
Furthermore, the audit committee is required to hear the viewpoints of both internal and external auditors separately at least once every year without the presence of the management. If considered necessary, the audit committee may also seek the attendance of the head of internal audit at its meetings.
The CMA decision grants full and unrestricted access to the internal auditors to inspect and evaluate the assets, records and personnel of the company. Internal auditors are also vested with a high degree of autonomy and they should not be assigned the tasks that they are expected to review and appraise.