CBK mandates auditor rotation for exchange companies every three years

• Under the new directive, the appointment of an auditor may only be renewed twice, after which a replacement becomes mandatory.
• The CBK has instructed exchange companies to take the necessary steps to examine and evaluate their internal control systems for the year 2025 by appointing an audit firm affiliated with one of the international auditing networks, provided it is independent from the company’s existing external auditor. Companies must submit the name of the appointed firm no later than March 1.

In a move to strengthen governance and safeguard the integrity of financial transactions, the Central Bank of Kuwait (CBK) has issued a directive to exchange companies to rotate their external auditors responsible for reviewing and assessing internal control systems if the same auditor has served for three consecutive years.

Under the new directive, the appointment of an auditor may only be renewed twice, after which a replacement becomes mandatory, reports Al-Rai daily.

The CBK has also instructed exchange companies to take the necessary steps to examine and evaluate their internal control systems for the year 2025 by appointing an audit firm affiliated with one of the international auditing networks, provided it is independent from the company’s existing external auditor. Companies must submit the name of the appointed firm no later than March 1.

The Central Bank outlined the key elements that must be included in the auditor’s report on internal control systems. These include a detailed summary of the audit procedures carried out, with a clear explanation of sampling methods used, including the basis for selecting samples and determining their size.

The report must also identify the principal risks facing internal control systems and classify them according to their severity—high, medium, or low—based on audit findings. In addition, auditors are required to provide practical recommendations aimed at enhancing control mechanisms and mitigating identified risks.

Auditors must further express an opinion on whether the observations revealed during the review materially affect the accuracy and fairness of the company’s financial statements.

They are also required to assess the adequacy of corrective actions already taken, as well as those planned or approved by the company, including an evaluation of unresolved issues from previous reports and the reasons behind the delay in addressing them.

Another key requirement is the auditor’s opinion on the effectiveness of the company’s internal control systems in preventing embezzlement by employees or third parties, taking into account relevant CBK regulations. The auditor must clearly outline the procedures followed to reach this conclusion.

The CBK emphasized that exchange companies must submit the internal control evaluation report no later than June 30. The report must be presented to the Board of Directors or partners for appropriate action, with documented evidence confirming this step.

In addition, auditors will be required to submit concise quarterly follow-up reports outlining the progress made in implementing corrective measures, as well as their opinion in cases of non-compliance with agreed timelines. These reports must be submitted within five working days of the end of each quarter, specifically for the periods ending September 30 and December 31.