Internal audit and control

BPI's internal control system is the framework under which internal controls are developed and implemented to manage and control a particular risk or business activity, or a combination of risks and activities, to which the Bank is exposed.

Our Internal Audit Division is an independent body that supports the Audit Committee in fulfilling its oversight responsibilities by providing an objective assessment on the adequacy and effectiveness of the Bank’s risk management, internal controls, and governance processes through well-established risk-based audit plans. Internal Audit also ensures that the Bank’s operating and business units adhere to internal processes and procedures and to regulatory and legal requirements.

This unit reports directly to the Board through its Audit Committee. It collaborates with other assurance providers such as the Risk Management Office, Compliance Office, external auditors, and other oversight units. Through this system for the comprehensive monitoring and review of risks and compliance in the institution, the Board ensures that the Bank and all business units proactively manage the risk and compliance exposures impacting the business. (Recommendation 2.10 and 12.2 of the SEC CG Code for PLCs)

The Audit Committee also ensures that the Internal Audit Division undergoes an external quality assessment review (EQAR) to confirm that audit activities conform to the International Standards for the Professional Practice of Internal Auditing and Code of Ethics. The program includes periodic internal and external quality assessments and ongoing monitoring of the performance of the internal audit activity. Periodic internal assessments are conducted annually, while external quality assessments are conducted at least once every five years by a qualified independent validator. This unit maintains its “generally conforms” ratings on both internal and external assessments, which indicate that its activities have continuously conformed to professional standards, code of ethics, and other internal standards.

The statement of the Directors on the effectiveness of the Bank's internal control system is embodied in the Report of the Audit Committee to the Board of Directors, which is part of the Annual Report.

The internal audit function as empowered by the Internal Audit Charter includes free access to all records, properties, and personnel. In this respect, the Audit Committee reviews the internal audit function, including its independence and the authority of its reporting relationships. The Internal Audit Division continuously improves the capabilities of its auditors through continuous education on specialized areas of knowledge, auditing techniques, regulations, and banking products and services. As stated in the Manual on Corporate Governance, the Board, through the Audit Committee, periodically reviews and approves the Internal Audit Charter. (Recommendation 2.10, SEC CG Code for PLCs).

Read the Internal Audit Charter here.

The Internal Audit Division is headed by a Chief Audit Executive (CAE) who is appointed by the Board and reports functionally to the Board through the Audit Committee and administratively to the President and CEO. The CAE has unrestricted access to all functions, records, property, and personnel. Additionally, the Audit Committee ensures that the CAE has access to the Board, on a confidential basis, and that the Internal Audit Division is independent of bank management, both by intent and actual practice. The Board, through the Audit Committee, evaluates the performance of the CAE. (Recommendation 2.8, 9.1, 9.2, 12.3 SEC CG Code for PLCs).

Rosemarie B. Cruz was Chief Audit Executive from ​ January 1, 2012 until ​ June 30, 2023. Anna Liza O. Bobadilla is the current Chief Audit Executive.

Read the full biography of the Chief Audit Executive here. 

The Audit Committee recommends to the Board the appointment of a BSP accredited external auditor for the purpose of preparing or issuing an audit report or other related work. The appointment, re-appointment, and removal of the Bank’s external auditor is subject to the approval and endorsement by the Audit Committee, for subsequent confirmation and approval by the Board and, finally, the stockholders. (Recommendation 9.1, 9.2 SEC CG Code for PLCs) The engagement of the external auditor is also done pursuant to the General Requirements of Securities Regulation Code (SRC) Rule 68, Par. 3 (Qualifications and Reports of Independent Auditors).

The Audit Committee also assesses the external auditor’s effectiveness, independence, and objectivity, ensuring that key partners or the handling partner is rotated at appropriate intervals or changed every five years or earlier. The Committee also reviews the external auditor’s annual plan, scope of work, and, in consultation with management, approves the external auditor’s term of engagement and audit fees. They also oversee the resolution of disagreements between management and the external auditors in the event that these arise.

The external auditor reviews and discusses the financial statements and reports, including results of operations, with Management and the Internal Auditor, and endorses the same to the Board for approval. Audited Financial Statements are signed by the Chairman of the Board, the President and CEO, and the Chief Finance Officer (CFO).

The Audit Committee also holds executive or private meetings with the external auditors without the presence of Management.

BPI has paid the following fees, inclusive of taxes, to its external auditors in the past two years:

The audit and audit-related fees cover services by the External Auditor that are reasonably related to the performance of the audit or review of the annual, half-year or quarter-end financial statements for BPI and its subsidiaries. There were no non-audit fees for other services not related to the audit/review of the financial statements. (Recommendation 9.3 of the SEC CG Code for PLCs)

The Audit Committee charter, as stated in the Bank’s Manual on Corporate Governance, provides that the Audit Committee is empowered by the Board to approve all audit and non-audit services, including fees, to be provided by the external auditor to the Bank and its subsidiaries. It is also tasked to review the external audit fees and recommend for approval by the Board.