Effectiveness of Internal Control Procedures

Riyad Bank has established an integrated internal control framework to ensure an effective internal control environment in line with the Guidelines on Internal Controls issued by SAMA. This framework includes policies and procedures set by the Board of Directors and promulgated by the Executive Management to ensure the strategic goals are achieved by protecting the Bank’s assets and guarantee all operations are carried out pursuant to applicable guidelines. Such controls also include the corporate governance that defines the roles and responsibilities of members of the Board and its committees.

The Executive Management and its committees, through these policies, ensure that risks related to regulatory requirements, strategy, financial performance, information technology, assets and liabilities management, liquidity, credit, operations, legal affairs, information security, etc. are appropriately managed.

All stakeholders in Riyad Bank are responsible for the efficiency and effectiveness of the internal control environment through periodic self-assessment reviews of processes and controls to proactively identify deficiencies and ensure timely remediation. Independent reviews are also conducted by different control functions and by internal and external auditors to ensure the adequacy of the internal control environment.

The Compliance Department is responsible for ensuring compliance with regulatory requirements through its reviews and for identifying deficiencies in the implementation of regulatory guidelines.

The scope of work of the Internal Audit Department encompasses independently assessing the adequacy and efficiency of the internal control environment by ensuring all applicable policies and procedures are implemented and practiced appropriately.

Senior Executive Management and the Board Audit Committee are regularly updated on the status of the internal control environment and the corrective actions identified to improve its adequacy and effectiveness. They ensure timely implementation of these measures taken to mitigate the identified risks.