The internal audit department has to ensure that the potential risks of all bank activities are clearly identified and closely monitored. An internal audit function is required by law and must be independent of operational management. The department must file an annual report with the financial regulator (CSSF) detailing the audit plan and the main findings of the year. This includes anti-money laundering, fraud identification and operational credit risks.
The geographic scope of the departments responsibilities covers the entities within the Société Générale group in Luxembourg and their subsidiaries in Belgium, Switzerland, Monaco and the Bahamas. The department is a hub organisation; the management and main team are situated in Luxembourg and two other teams are located in the Swiss and Belgian subsidiaries. Internal auditors report to their local supervisor who are under the management of the Head of Internal Audit in the hub in Luxembourg.
Firstly, the department diagnoses the nature and the level of the risks related to the audited activity. Then the department determines the different areas it will focus on and the controls it will perform in order to assess the correct monitoring of the identified risks. Finally, the department writes a report stating the various issues raised and the recommendations it proposes to improve the processes and the risk monitoring.