Ahmed Aban Zubair, Sunway College
Dr Aishath Muneeza, Associate Professor, INCEIF
Shariah compliance is the backbone of any Islamic financial institution (IFI) operating in any given jurisdiction. To mitigate risks associated with Shariah Non-compliance (SNC), it is imperative to adopt an adequate Shariah governance framework with Shariah control functions such as Shariah risk management, Shariah review and Shariah audit. SNC events in any IFI can result in several consequences such as financial consequences like non-recognition of income/revenue and non-financial consequences such as reputational risk.
Apart from these consequences, in some countries there is a statutory consequence which an IFI might have to face as well. According to the Islamic Financial Services Act of Malaysia Shariah, non-compliance in an IFI can be an offence. In other countries like Maldives, where there is no Shariah governance framework enacted by the Central Bank, there is a need to ensure that there are adequate mechanisms put in place by the respective IFIs to gain and maintain the confidence of the public on shariah compliance status of the entities.
Let us take the Maldives for example. The Islamic Banking Regulations published by the Central Bank of Maldives requires every Islamic bank and bank engaging in Islamic banking in the country to establish a Shariah Committee to achieve Shariah compliance within the Islamic bank. It also deals with internal Shariah controls, where it is stated that Islamic bank and bank engaging in Islamic banking business:-
- Shall establish an internal Shariah control function which is responsible for monitoring ongoing compliance with Shariah in the implementation and execution of the financial services;
- Shall maintain a Shariah Compliance Manual which sets out how the internal Shariah review and audit process will be coordinated on an ongoing basis;
- Shall ensure that the internal reviews are conducted in accordance with the provisions of accounting, auditing, governance, ethics and Shariah standards. It also states that the Shariah Compliance Manual must cover the following: who is responsible for overseeing the internal Shariah control function; how such reviews will be conducted; and how any disputes relating to Shariah will be resolved.
In practice, however, there is no Shariah governance framework in Maldives and the individual institutions have the liberty to adopt internal Shariah governance frameworks to ensure Shariah compliance.
In the only full-fledged Islamic bank in the country, an internal Shariah governance framework has been adopted to achieve Shariah compliance and under this framework it is the in-house Shariah Unit that is responsible to confirm that key functions and business operations comply with Shariah and provide the report to Shariah Board.
Understanding Shariah Audit
“Timely shariah based financial assessment”
The audit by Shariah is defined as a systematic process of gaining sufficient and relevant evidence to form an opinion on whether the subject matter of the Shariah rules, rules and principles are generally accepted by the Islamic community, i.e. personnel, process, finance and non-financial performance, and to report to the stakeholders (Mohamed, 2007).
On the other hand, in paragraph 7.7 of the 2010 Shariah Governance Framework (SGF) laid down by BNM is the periodic evaluation carried out occasionally to ensure an autonomous assessment and objective assurance aimed at adding value and improving the level of compliance with IFI business activities, with the main aim of ensuring the compliance of Shariah in a sound and effective internal control system.
However, there is little agreement on how to implement an effective, efficient SA from the perspective of human capital despite the importance of Shariah auditing (SA) Despite this. The purpose of this study is to elaborate on the need for an EDC study in Malaysia to address the needs of the Shariah auditors in the IBs.
Shariah audit has long been regarded as one of the most important pillars of IFI Shariah and corporate governance. In the IFIs, there must be assurances of adherence to all Shariah principles. These Shariah auditors must have the necessary information, expertise, abilities, and training, as well as be capable.
The SSB will then present the BOD with its opinions on exclusively Shariah issues, with the BOD making the final decisions. Internal audit’s major purpose is to ensure that IFI management fulfils its responsibilities in adopting Shariah principles as mandated by the SSB.
External Shariah Audit
“Must Practice to maintain credibility in the market”
External Shariah Audit (ESA) ensures that an adequate independent assurance is provided to the Shariah Committee and Board of the company on the shariah compliance status of its operations.
The Accounting and Auditing Organization for Islamic Financial Institution (AAOIFI)’s Auditing Standard for Islamic Financial Institutions deals with ESA (Independent Assurance Engagement on an Islamic Financial Institution’s Compliance with Shariah Principles and Rules).
Not only this, but Islamic Financial Services Board (IFSB)’s Guiding Principles on Shariah Governance Systems for Institutions offering Islamic Financial Services has also acknowledged ESA as a means to achieve shariah compliance where it is stated that the task to conduct Shariah review/audit can be carried out by ISRU (Internal Shariah review/audit unit/department) or it can be assigned to an appropriately competent external auditor or external Shariah firm.
AAOIFI’s Auditing Standard for Islamic Financial Institutions defines ESA as an independent assurance engagement to provide reasonable assurance that an IFI complies with Shariah principles and rules applicable to its financial arrangements, contracts and transaction during a specific period based on a specific Shariah principles and rules contained in the criteria. According to this standard, external shariah auditor is a firm inter alia having professional knowledge and competence of auditing and relevant shariah principles and rules. In conventional sense an external auditor is a duly appointed person who is independent from the organization, who examines and expresses an opinion whether the financial statements represent a true and fair view and that there are no material misstatements.
There are subtle differences between the scope of the conventional auditor and the ESA. The role of the ESA is to obtain reasonable assurance whether, based on suitable criteria the IFI has, in all material respects, complied with ‘Shariah principles and rules’ concerning the financial arrangements, contracts, and transactions for a specific period under audit.
The ESA team should have adequate shariah and Islamic banking knowledge, in addition to the conventional audit competencies. Furthermore, they should be well versed with the current Islamic finance situation of the countries they work in. It is important to note that the duty of the ESA is not to prevent non-compliance with ‘Shariah principles and rules’, it is to obtain reasonable assurance regarding compliance.
Internal Shariah Audit
“Transparency and accountability practice to be conducted”
According to the AAOIFI (2015) GSIFI No. 3 guideline, the in-house Shariah audit department must plan all of its audit tasks. The planning documents must include, but are not limited to:
- gathering background data on the activities to be examined, such as branch, location, product/service, divisions, and others;
- Developing audit goals and job scope;
- Procuring previous years’ internal and external audit findings, SSB fatwas, directives, guidelines, and related correspondence encompassing;
- Determining the necessary resources for the audit tasks;
- Interacting with the relevant IFI staff on the audit;
- Conducting a suitable appraisal to familiarise with the risks, activities, and controls for the identification of areas that the auditors need to focus on, as well as soliciting feedback from the auditees;
- Determining the method and date of the audit outcome to be released;
- Obtaining the relevant authority’s permission on the audit plan, including the IFI’s SSB.
The auditees’ views on the audit conclusion or recommendations must be included in the audit report. The SSB must be consulted in the event of a disagreement between the in-house Shariah auditors and management on the interpretation of Shariah-related problems. The auditors must follow up to verify that appropriate steps are taken in response to the audit report. There must also be follow-ups on the outside auditors’, SSB’s, and regulators’ other proposals.
As a result, the in-house Shariah auditors’ work description must state that they must communicate directly and frequently with the SSB and management. Complete access to reports, personnel, papers, and other information is also required. As a result, auditing will become more efficient and effective.
Shariah Audit in Malaysia
“Higher level of assurance for entities in Malaysia”
The Malaysian Government has taken seriously the importance of having an independent audit of companies.
Companies registered as private limited under the Islamic Banking Act of 1983 in Malaysia may be audited by external auditors, excluding Islamic banks.
The importance of shariah governance has been realised in that it has been specifically described by the Shariah governance framework (SGF) issued by the BNM as part of the improvement of corporate governance in the Malaysian company and came into effect from 1 January 2011.
In particular, the guideline ruled that Islamic banks in Malaysia need to appoint the competent person to deal with the Shariah affair to ensure that their banks operate per the Shariah procedure. Nevertheless, Malaysia still faces a shariah deficiency who are both qualified in shariah and auditing.
The Shariah IFI governance shall be granted the Shariah committee to monitor any Shariah-complying matters before the SGF introduced in 2011 by the BNM. You may also have to carry out both shariah and shariah audits.
No guidelines on Shariah governance were available in the IFIs at that time. But there are major changes in the Shariah issues in IFIs after 2011 with the introduction of the SGF. The SGF as shown in Figure 1 took the issue from Shariah seriously by establishing four (4) shariah functions to be carried out in Islamic finance, namely Shariah Risk Management Control under the supervision of the Risk Management Board, the Shariah review functions, the shariah management auditing function, and the shariah committed audit function.
While shariah research and Shariah examination are performed by the shariah officers who are Shariah undergraduates in their respective IBs, Shariah risk is usually performed jointly by the financial and shariah officers who are typically undergraduates with a degree in finance or shariah.
The only shariah advisor and auditor certification, known as ‘Certified Shariah Advisor and Auditor,’ was started by AAOIFI (CSAA). The CSAA programme is designed to provide individuals with the necessary technical knowledge and professional skills in shariah compliance assessment processes for the worldwide IB and banking industries.
The program also covers technical subjects that are essential to shariah compliance and review processes and procedures such as AAOIFI’s shariah standards on Islamic products and practices, AAOIFI governance standards on shariah compliance and review processes, Islamic banking and finance supervision as well as the application of shariah and Fiqh (Islamic jurisprudence) to Islamic banking and finance practices
With the growth of the industry, effective governance tools must be established to ensure qualitative improvements and correspondence.
ESA is regarded as one of the fundamental indicators of an IFI’s trustworthiness and Shariah compliance implementations. ESA helps IFIs to achieve Shariah compliance status by providing the opportunity to detect and manage SNC events.
In countries where there is no direct guidance to adopt ESA given by their respective regulatory authority, individual IFIs can adopt AAOIFI’s Auditing Standards for Islamic Financial Institutions.
Adopting ESA by IFIs in these countries will not only assist IFIs in achieving shariah compliance status; but it will also expand the scope of the existing audit firms in the country by providing them new opportunities to venture into the Shariah audit industry. Therefore, with or without regulatory compulsion, for the sake of achieving and adhering to strict Shariah governance, it is imperative for all IFIs to adopt ESA.