SECTION 3: RISK MANAGEMENT AND INTERNAL CONTROLS

66 | Audit Committee Guide 3C Risk Management and Internal Controls 123 in the BRC Guide 3D Evaluation of Control Deficiencies 128 3E AC Concurrence with Board Comment 135 3F Understanding Fraud 138 3G Sample Fraud Policy 141 3H Reviewing Fraud Risks and Cases 144 3I Sample Fraud Status Report 147 3J Sample Whistleblowing Policy 149 3K Whistleblowing Operations 153 3L Sample Whistleblowing Status Report 159 3M Data Analytics in Auditing 162 3N Overview of AML/CFT 168 3O IPT Definitions and Requirements 173 3P RPT Definitions and Requirements 182 3Q Differences Between IPTs and RPTs 187 3R Management System for IPTs and RPTs 193 3S AC Considerations for IPTs 198 3T AC Considerations for RPTs 203