Risk Management in

Islamic Financial Instruments

116

Figure 5.7: Internal Control System

5.7 INTERNAL AUDIT AND CONTROL

The most important risk to IFIs is operational risk. This risk is the result of internal

mismanagement that is connected to the efficient management of systems, people and

technology. At a certain point in time, IFIs have to conduct a survey on the strength of their

internal control system. Internal audit is conducted in most IFIs to understand the problems

and to undertake necessary exercises to remedy the problems. Apart from a very basic RM

system, the IFIs need to make sure that the technology in place is updated one and fully

secured. There must be internal auditors and an internal

Shari’ah

supervisor board to

investigate the introduction of new products by IFIs.

Figure 5.7 illustrates the internal control system of the banks. A major portion of the banks did

have an internal control system to swiftly manage changes in the risk management system.

With sudden changes in commodities prices or changes in the rate of return, IFIs with this kind

of internal control mechanism would be able to manage the risk. It is important to reduce role

conflict among the employees of IFIs. All the banks in the sample avoided role duality within

the staff of the risk management division. Banks had contingency plans to manage disasters

and accidents. Almost all the banks had internal auditors to review and verify risk

management frameworks and monitor the outcome of the frameworks. Having an internal

auditor ensures the safety of the entire system, as the auditor goes through all the necessary

components of the risk management framework and finds problems that need immediate

attention.

All the banks had sufficient safety management for data used to keep records customer

information. These banks had to go through a tough

Shari’ah

screening process to in order to

introduce a new product. The

Shari’ah

supervisory board (SSB) works as a guiding light to the

new product development process that eventually may lead to a built-in risk management tool

0

10

20

30

40

50

60

70

80

90

100

Internal

control

system to

deal with

changes

Separation of

duties to

avoid role

duality

Contingency

plan to

manage

disasters

Internal

auditor to

review and

verify RM

system

Backups of

software and

data files

Shari'ah

board

clearance for

new product

Securitization

to raise fund

Investment

risk reserve

83,3

100

88,9

94,4

100

100

44,4

72,2

No (%) Yes (%)