Article (4): Special Considerations for External Audit
1-4 | The external audit in Companies must be fully compliant with the provisions laid down in the Central Bank Laws and Regulations. Where more than one External Auditor is appointed, the External Auditors must distribute duties amongst themselves and issue a common external audit opinion. | ||||
2-4 | The Board audit committee must approve a policy for the tendering of the audit engagement. This must include requirements for knowledge and competence, objectivity, independence, professional scepticism and quality control. The Board audit committee must review and agree to the terms of the engagement prior to the signing of the written contract. Where relevant, the Board audit committee must ensure that the work plan of the engagement has been updated to reflect changes in the size, business mix or complexity of the Company or in the instructions of the Central Bank. | ||||
3-4 | The Board audit committee must assess the overall quality of the External Auditor at least annually. The Board audit committee must obtain from the External Auditor, on an annual basis, a report on the audit firm’s internal quality control procedures, including the audit firm’s engagement quality control process, and any significant matters of concern arising from these procedures. | ||||
4-4 | In monitoring and assessing the work of the External Auditor, the Board audit committee must obtain an understanding of the auditor’s view on any significant matters arising during the audit, including both those subsequently resolved and those that remain outstanding. The Board audit committee must review with the External Auditor the statements provided by the Board and Senior Management in the representation letter to the External Auditor, considering whether, based on the knowledge of the members of the Board audit committee, the information provided for each item is complete and appropriate. | ||||
5-4 | Following completion of the fieldwork for the audit, and prior to issuance of the audit opinion, the Board audit committee must consider whether the External Auditor followed the audit plan and understand any reasons for changes in the plan. The Board audit committee must obtain feedback from Senior Management on the conduct of the audit. The Board audit committee’s assessment of the effectiveness of the external audit process must be documented and reported to the Board for discussion of findings and any recommendations. | ||||
6-4 | The Board audit committee must have the right and authority to meet regularly with the External Auditor – in the absence of Senior Management –to understand and discuss all issues that may have arisen between the External Auditor and Senior Management in the course of the external audit and how these issues have been resolved. These meetings must also address any other matters that the External Auditor believes the Board audit committee should be aware of in order to exercise its responsibilities. | ||||
7-4 | The Board audit committee must discuss with the External Auditor any matters arising from the audit that may have an impact on regulatory capital or regulatory disclosures. | ||||
8-4 | The Board audit committee must approve a policy governing the provision of non-audit services by the External Auditor. The policy must specify the types of non-audit services the External Auditor may provide, or is prohibited from providing, and establish a requirement for approval of any such arrangement by the Board audit committee or by an appropriate level of Senior Management in accordance with authority delegated by the Board audit committee. | ||||
9-4 | The external audit firm engaged by the Company, including its Affiliates or Subsidiaries, must not provide any non-audit services to the Company during the financial years of its external audit mandate, which could impair its objectivity and independence. | ||||
10-4 | Prohibited non-audit services by the External Auditor include: | ||||
|
| a. | bookkeeping and preparing accounting records and financial statements; | ||
|
| b. | designing and implementing Internal Controls or Risk Management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems; | ||
|
| c. | services related to the Company’s internal audit function; | ||
|
| d. | valuation services, including valuations performed in connection with actuarial services or litigation support services; | ||
|
| e. | human resources services, with respect to: | ||
|
|
|
| i. | management in a position to exert significant influence over the preparation of the accounting records of financial statements which are the subject of the external audit, where such services involve searching for or seeking out candidates for such position or undertaking reference checks of candidates for such position; |
|
|
|
| ii. | structuring the organization design; and |
|
|
|
| iii. | cost control. |
f. | brokerage services in securities services or works; | ||||
g. | services linked to the financing, capital structure and allocation, and investment strategy of the Company, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with the prospectuses issued by the Company; | ||||
h. | promoting, dealing in, or acquiring ownership in the Company; | ||||
i. | legal services, with respect to: | ||||
|
| i. | the provision of general counsel; | ||
|
| ii. | negotiating on behalf of the Company; and | ||
|
| iii. | acting in advocacy role in the resolution of litigation. | ||
j. | services that involve playing any part in the management or decision-making of the Company; and | ||||
k. | tax services and the provision of tax advice. | ||||
11-4 | The prohibited non-audit services also include any prohibited services under Federal Law No (12) of 2014 on the Regulation of the Auditing Profession, as amended, Cabinet Decision No. 48/2022 On the Implementing Regulation of Federal Law No. 12/2014 on the Regulation of the Auditing Profession; and under the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants, which are not specifically listed above. | ||||
12-4 | Where non-audit services are provided by the External Auditor, the Board audit committee must monitor the provision of such services to ensure that their performance does not impair the External Auditor’s objectivity and independence. This must take into consideration various factors including the skills and experience of the External Auditor, safeguards in place to mitigate any threat to objectivity and independence, and the nature and arrangements for non-audit fees. The Company’s annual report must explain to shareholders the nature and the fee arrangements for the non-audit services received, and how the External Auditor’s independence is safeguarded. | ||||
13-4 | The External Auditor must meet the following expectations: | ||||
|
| a. | have insurance industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the Company’s financial statements and to properly meet additional regulatory requirements that may be part of the external audit; | ||
|
| b. | be objective and independent in both fact and appearance with respect to the Company; | ||
|
| c. | exercise professional scepticism when planning and performing the audit of Companies, having due regard to the specific challenges in auditing a Company; | ||
|
| d. | identify and assess the risks of material misstatement in the Company’s financial statements, taking into consideration the complexities of the Company’s activities and effectiveness of its internal control environment; | ||
|
| e. | have professional indemnity insurance in the UAE; and | ||
|
| f. | maintain confidentiality of information relating to the Company, unless such information is required by the Central Bank pursuant to Central Bank Laws, Regulation or other applicable legislation or required by other competent supervisory authority or judicial body. | ||
14-4 | The External Auditor must furnish the Board audit committee at least annually with information about the External Auditor’s policies and processes for maintaining independence and monitoring compliance with independence requirements. | ||||
15-4 | The External Auditor must not purchase the securities of the Company whose accounts are audited by them or sell such securities directly or indirectly or provide any consultations to any person in connection with such securities during the blackout period. | ||||
16-4 | The External Auditor must not serve on the Board or hold a position in Senior Management before two years have lapsed from the time of involvement in the Company’s audit. | ||||
17-4 | The External Auditor’s terms of engagement must be established in a written contract, which at a minimum, provides that: | ||||
|
| a. | the External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank will determine whether the Company will participate in such meetings; | ||
|
| b. | the External Auditor bears no duty of confidentiality to the Company with respect to any notification of meeting with the Central Bank required by this Regulation, or the provision of any document or information required to be submitted to, or requested by, the Central Bank for supervisory purposes; and | ||
|
| c. | the External Auditor must provide, upon the request of the Central Bank, access to working papers and other documents that support conclusions made in the audit opinion. | ||