top of page

Common Observations Picked Up by Internal Auditors

As defined by the Institute of Internal Auditors, internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives in bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

According to the ​Guidelines on Risk Management Practices which serves as a guidance to financial institutions on sound practices for their internal control environment and business process controls, an institution should have in place an adequately staffed, independent and permanent internal audit function responsible for assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are independent, effective, appropriate, and remain sufficient for the institution’s business.

MAS also expects the business activities of Fund Management Companies (“FMCs”) to be subject to adequate internal audit, whereby the internal audit arrangements should be commensurate with the scale, nature and complexity of its operations.

Established in 2013 as a professional consulting firm, Lymon specializes in providing regulatory compliance and independent internal audit services to financial institutions in Singapore. Overtime, we have noted that there are several common observations and pitfalls, some of which includes:


Did you know that Microsoft Office 365 (including Outlook and Teams) is a cloud-based service and would be considered as a form of outsourcing under the MAS Outsourcing Guidelines?

This is frequently overlooked and consequently, the required materiality assessment, risk evaluation, due diligence and periodic reviews are not performed. Fund managers who are aware of this form of outsourcing may also not know how to perform these assessments on large corporations such as Microsoft.

MAS Returns & Base Capital Monitoring

MAS requires holders of Capital Markets Services Licences to maintain a minimum base capital with its definition stated in the Securities and Futures (Financial and Margin Requirements for Holders of Capital Markets Services Licences) Regulations. As set out in the Guidelines on Licensing, Registration and Conduct of Business for Fund Management Companies, “An FMC shall at all times meet the base capital thresholds upon obtaining its licence or being registered with MAS. It would be prudent for the FMC to maintain an additional capital buffer, over and above the requisite base amount. An FMC should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.

It is common to find that in the calculation of the base capital, the current unaudited unappropriated profit or loss figures is being used instead of what was indicated in last audited financial statements.

Anti-Money Laundering and Countering the Financing of Terrorism (“AML/CFT”)

In performing client due diligence over its customers, a company is required to obtain certain verification documents that are certified true copies, or copies of original documents that had been sighted. However, we have frequently seen verification documents that were not properly retained, documented, or translated.

The above-mentioned examples are simply a few common pitfalls that we picked up during the internal audit process and a glimpse into the various observations consistently recognised throughout. At Lymon, we have been providing internal audit services independently to fund managers since 2013. The capabilities and collective knowledge that we are able to access and deploy can deliver sharp and objective insights to our clients.

To find out more about our internal audit service offerings and how we can support you in your regulatory needs, please do not hesitate to reach out to your usual contact at Lymon or our specialist below:

internal audit, compliance consulting, regulatory compliance, internal audit outsourcing, internal audit services

Jovi Gan, Director

+65 6709 4110


bottom of page