Internal Audit Charter

DFCITY Group BerhadInternal Audit Charter


The purpose of internal audit function is to provide an independent and objective assurance and consulting activity designed to add value to improve the operations of the DFCITY Group Berhad (formerly known as Hock Heng Stone Industries Berhad) (hereinafter referred to as “the Company”) and its subsidiaries (hereinafter collectively referred to as “the Group”). The mission of internal audit is to enhance and protect organisational value by providing risk-based and objective assurance, advice, and insight. The internal audit function helps the Group accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.


The internal audit function is subject to review by Audit Committee of the Company (hereinafter referred to as “AC”) and established by the Board of Directors (hereinafter referred to as “Board”). The internal audit function’s responsibilities are subject to review by AC and approved by the Board as part of their oversight role.


The internal audit function will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance including the Core Principles for the Professional Practice of Internal Auditing, Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (hereinafter referred to as “Standards”). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit function’s performance.


The internal audit function shall:

  • Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives, and issue reports.
  • Obtain assistance from the necessary personnel of the Group, as well as other specialised services from within or outside the Group, in order to complete the engagement.


The internal audit function will report directly to the AC.


The AC will:

  • Review the internal audit charter.
  • Review the risk based internal audit plan.
  • Review the internal audit budget and resource plan.
  • Receive communications from the internal audit function on its performance relative to its plan and other matters.
  • Review decisions regarding the appointment and removal of the internal audit function.
  • Make appropriate inquiries of management and the internal audit function to determine whether there is inappropriate scope or resource limitations.

The AC will report to the Board on the results of above reviews and recommend to the Board for its decision.

The internal audit function will communicate and interact directly with the AC (including individual member of the AC), including during AC meetings and between AC meetings as appropriate. In particular, the internal audit function shall meet with the AC without the presence of the Executive Directors and the Management at least once per year.


The internal audit function will remain free from interference by any element in the organisation, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal audit function will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal audit function will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

Internal audit function will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal audit function will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal audit function’s judgment, including:

  • Assessing specific operations by an individual member of internal audit function for which such individual member of internal audit function had responsibility within the previous year.
  • Performing any operational duties for the Group.
  • Initiating or approving transactions external to the internal audit function.
  • Directing the activities of any the Group’s employee, except to the extent that such employees have been appropriately assigned to internal audit function or to otherwise assist internal audit function and for operations not under such employee’s responsibility.

Where the internal audit function has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.

Internal audit function is to disclose any impairment of independence or objectivity, in fact or appearance, to the AC.

The internal audit function will confirm to the AC, at least annually, the organisational independence of the internal audit function.

The internal audit function will disclose to the AC any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.


The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the Group’s governance, risk management and controls. This includes:

  • Evaluating risk exposure relating to achievement of the organisation’s strategic objectives.
  • Evaluating actions of the Group’s officers, directors and employees whether in compliance with the Group’s policies, procedures, and applicable laws, regulations, and governance standards.
  • Evaluating whether the results of operations or programs are consistent with established goals and objectives.
  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
  • Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the Group.
  • Evaluating the means of safeguarding assets.
  • Evaluating the effectiveness and efficiency with which resources are employed.
  • Evaluating governance processes.
  • Evaluating the effectiveness of the Group’s risk management processes.
  • Performing consulting and advisory services related to governance, risk management and control as appropriate for the Group, subject to the review of the AC with appropriate safeguard measures (including does not assume management responsibility).
  • Reporting at planned intervals on the internal audit function’s purpose, authority, responsibility, performance relative to approved IA plan, conformance with The IIA’s Code of Ethics and Standards, and action plans to address any significant conformance issues.
  • Reporting significant risk exposures and control issues, including fraud risks, bribery risks, governance issues, and other matters needed or requested by the AC.
  • Evaluating specific operations at the request of the Board or management, as appropriate, subject to review by the AC with appropriate safeguard measures (including does not assume management responsibility).
  • Submit, at the completion of approved internal audit plan, to AC a risk-based internal audit plan for review and its reporting to the Board for approval (including changes in the approved internal audit plan required due to changes in the internal or external business context or risk exposure).
  • Ensure each engagement of the internal audit plan is executed, including the establishment of objectives and scope, the assignment of appropriate and adequately supervised resources, the documentation of work programs and testing results, and the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
  • Ensure the internal audit function collectively possesses or obtains the knowledge, skills, and other competencies needed to meet the requirements of the Internal Audit Charter.
  • Establish and ensure adherence to policies and procedures designed to guide the internal audit function.
  • Ensure adherence to the Group’s relevant policies and procedures, unless such policies and procedures conflict with the Internal Audit Charter. Any such conflicts will be resolved or otherwise communicated to AC.


Prior to the commencement of internal audit and upon the completion of internal audit plan, the internal audit function will submit to AC an internal audit plan for its review and for its recommendation to the Board for approval.

The internal audit plan will be developed based on a prioritisation of the audit universe using a risk-based methodology, including input of senior management, the AC and the Board.

The internal audit function will review and adjust the plan, as necessary, in response to changes in the Group’s business, risks, operations, programs, systems, and controls with any changes to the internal audit plan are to be reviewed by the AC and approved by the Board prior to execution.


A written report will be prepared and issued by the internal audit function following the conclusion of each internal audit engagement and will be distributed as appropriate. Internal audit results will also be communicated to the AC for its reporting to the Board of Directors.

The internal audit report may include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response by management of the audited area should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.

The internal audit function will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.


The internal audit function will maintain a quality assurance and improvement program that covers all aspects of the internal audit. The program will include an evaluation of the internal audit function’s conformance with the Core Principles for the Professional Practice of Internal Auditing, Definition of Internal Auditing and the Standards and an evaluation of whether internal audit function apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit function and identifies opportunities for improvement.


This Internal Audit Charter shall be subject to review and update (if applicable) to incorporate the changes in the law and regulations, Definition of Internal Auditing, the Standards and the Code of Ethics as well as the operational requirements of the Group or at least once every three (3) years, on the recommendation of the internal audit function, subject to review by the AC and approval by the Board.

This Internal Audit Charter is reviewed by the AC and approved by the Board. Approved this _________ day of ____________, _________.

Copyright © 2023 DFCITY Group Berhad. Reg. No 200801038692 (840040-H). All rights reserved.