COMPARATIVE ANALYSIS OF SHARIAH REVIEW AND AUDIT

Nurazalia Zakariaa
Zurina Shafiib
Abstract
Islamic Financial Institutions (IFIs) play an important role in mobilizing funds in an economy.
This renders to the operations of Islamic banks having implications to various stakeholders,
namely shareholders, investment account holders, depositors and the public at large. Due to that,
IFIs operations need to be operated within a strong governance mechanism as they uphold the
adherence with Shariah principles. As such, a strong Shariah governance structure is required to
ensure the operations of the banks and financial reporting process is as per Shariah principles.
This paper aims provide a conceptual understanding of the current structure of review and audit
in Islamic Financial Institutions in the Malaysian context. The structure will be compared and
contrasted with the requirements of international setting bodies guidelines on Shariah
governance, especially on Shariah review and audit, namely IFSB and AAOIFI standards. The
paper also highlights the current practice of Shariah review and audit by selected Islamic banks
in Malaysia and in the Middle East.

Keywords: Shariah review, Shariah audit, Shariah governance system, Islamic Financial
Institutions

Correspondence Details:
a

Lecturer,
Faculty of Economics and Muamalat,
Universiti Sains Islam Malaysia
nurazalia@usim.edu.my

Director,
Islamic Finance and Wealth Management Institute,
& Senior Lecturer, Faculty of Economics and Muamalat
Universiti Sains Islam Malaysia
anakshafii@yahoo.com

Introduction
The Islamic banking system in Malaysia is considered to be more progressive and robust as
opposed to similar banking system in other Muslim countries. The task of developing a
successful Islamic financial system is indeed not an easy one. It requires the formulation of a
sound plan and well coordinated efforts from various parties. In Malaysia, Bank Negara
Malaysia (BNM) is very much dedicated in issuing several policies and guidelines for the
industry player to implement. Currently, BNM has its own Islamic Banking Department, which
is responsible for the regulatory aspects and has continuously introduced measures for the
development of Islamic banking system in Malaysia.
The rapid progress of Islamic banking over the last two decades would not have been possible
without the continuous efforts from the industry players in building up a successful and vibrant
industry. As for the industry players, the last 20 years have witnessed continuous effort from
them to promote Islamic banking products and services as an alternative to the conventional
system to both retail and corporate customers.
Although the Malaysian Islamic banking system has achieved enormous success in building
itself as a vibrant complement to the conventional system, certain issues have arise. Issues
related to the corporate governance, Shariah governance system and the need to ensure that the
operations of the Islamic banks adhere to Shariah principles are amongst those that have received
great attention.
The objective of this paper is to provide a conceptual understanding of the current structure of
Shariah review and audit in the Malaysian Islamic banking context and compares it to
requirements of international setting bodies guidelines. The paper will also compare the current
practice of selected Islamic Financial Institutions (IFI) in Malaysia and Middle East in Shariah
review and audit.

Islamic Banking Shariah Governance Framework

Bank Negara Malaysia (BNM) has taken great strides to ensure that the Islamic banks in
Malaysia operates in accordance with Shariah principles by implementing a two-tier Shariah
governance infrastructure that comprises of two important components, a centralized Shariah
2

Advisory Council (SAC) at BNM and the internal Shariah committees formed at respective
Islamic banks.
The National Shariah Advisory Council (NSAC) acts as the sole authoritative body to advise
Bank Negara Malaysia (BNM) for Islamic banking and Takaful organizations. NSAC has the
power to issue fatwa and these fatwa resolutions are binding on all financial institutions in the
country. The functions of the NSAC are, among others, to ensure banks comply with the Shariah
rules and guidelines and also to advise Islamic banks and financial institutions on Shariah issues
related to operations and financial dealings.
The establishment of Shariah Committee (SC) is a requirement by the BNM under Guidelines on
the Governance of Shariah Committee for the Islamic Financial Institutions issued in 2004. This
guideline states the importance of forming SC to advise the Islamic banks on Shariah matters and
focusing on the following roles:
i) Being responsible and accountable for all decision, views and opinions related to Shariah
matters.
ii) Perform an oversight role on Shariah matters related to IFI business operations and activities.
This is achieved through Shariah review process and Shariah audit functions regular
Shariah review reports and Shariah audit observations.
iii) Need to discharge duty by providing sufficient disclosure in annual report.
Therefore, the SC is given a daunting task to ensure the IFI operates in compliance to Shariah
principles and they discharge such duties by the conducting Shariah review and Shariah
audit.

Structure of Shariah Review and Audit in Malaysia

BNM Shariah Governance Framework for Islamic Financial Institutions was made effective on
the 1st January 2011. It outlined the scope, function and process of Shariah review and Shariah
audit as follows:

Table 1: Comparison of Shariah Review and Audit

Shariah Review

Shariah Audit

Reference and
Definition

Regular
assessment
on
Shariah
compliance in activities and operations
of IFI by qualified Shariah officers (i.e.
having knowledge in Shariah Usul
Fiqh and Fiqh Muamalat)

Periodical
assessment
to
provide
independent assessment and objective
assurance to add value and improve IFI
compliance
in ensuring sound and
effective internal control system for
Shariah compliance.

Roles and
responsibility

Examine and evaluate IFI level of

compliance to Shariah, remedial
rectification to resolve non-compliance
and control mechanism to avoid
recurrence

Performed by internal auditors trained

and have adequate knowledge of Shariah.
The internal auditors may engage
expertise of Shariah officers in performing
the audit.

Scope

Covers the IFIs overall business

operations including end to end product
development process from pre-product
approval (i.e. product restructuring
before introduce to market) to postproduct approval process (i.e product
offering process)

Process

Planning the review program

objectives,
scope,
reporting
rectification and follow up actons
Documentation
of
processes
involved in review
Communicate the outcome of
review and highlight any noncompliance to senior mgmt & SC
Rectify any non-compliance in
Shariah & prevent recurrence
Communicate results of review to
the SC

Audit of financial statement of IFI

Compliance audit on organizational
structure, people and information
technology application system
Review of adequacy of Shariah
governance process

Understand business activities (i.e

auditability and relevance of
activities)
Develop comprehensive internal
audit program or plan
Objective,
scope,
personnel
assignment, sampling, control &
duration
Establish proper audit processes
Obtain and make reference to
relevant references SAC rulings,
SC decision, fatwas, guidelines,
Shariah audit results & internal
Shariah checklist
Communicate
results
of
any
assessment of findings to SC and
Audit Committee
Provide recommendations & follow
up on rectification measures taken by
IFIs

During the pre-announcement era of the BNM Shariah Government Framework (SGF), Shariah
review and Shariah audit practices were adopted in an unorganized manner. The two functions
were intertwined in many ways that the Shariah reviewer and Shariah auditor are not clear of
their roles and scope of job. BNMs SGF provides a clear distinction of the role of the two
parties. However, in term of scope and execution technique, SGF still lacks in many ways.
SGF advocates that Shariah audit be performed by internal auditors whom have accounting,
auditing and Shariah knowledge, while Shariah review is to be performed by Shariah officers.
In terms of scope, Shariah review concerns with the Shariah issues during pre-approval and post
approval process. Shariah audits scope, on other hand, includes the audit of financial statements,
compliance audit on organizational structure, people and information technology application
system and the review of adequacy of Shariah governance process. Shariah auditors have to have
Shariah knowledge because they have to understand the Shariah aspects of the audit in the
scopes of audit. For example, when auditors audit the financial statements, they have to audit
areas that are concerned with Shariah compliancy in these areas (not an inclusive list):
i)

Sources of financing; debt or equity

ii)

Risk management and hedging mechanisms

iii)

Measurement, recognition, recording and reporting of income and expenses

iv)

Measurement, recognition, recording and reporting Income/profit distribution

including zakat computation and payment.

A note of concern is on the independence and objectivity of the Shariah audit when the internal
auditors do not have adequate knowledge of Shariah and thus, require the assistance from
Shariah officers to perform such audit. Then, it would impair the objectivity of the Shariah audit
if the same Shariah officers are employed to perform both the Shariah review and audit. Besar et.
al. (2009) highlighted the main obstacle in performing Shariah review is the lack of expertise to
perform Shariah review. The current auditors lack the Shariah background and the Shariah
employees lack the experience needed to perform the review, collect documents and evidence
and prepare the working paper and review checklist.

Islamic Financial Services Board Shariah Governance Framework

Islamic Financial Service Board (IFSB) is the international standard-setting body of regulatory
and supervisory agency has issued 15 Standards, Guiding Principles and Technical Note for the
Islamic financial services industry. Of a particular interest for our discussion is IFSB-10, which
is about Guiding Principles on Shariah Governance System.
One of the organizational structure and process in the Shariah Governance System (SGS) is the
internal Shariah compliance unit (ISCU), whose main task is to disseminate information on
Shariah resolutions to the operating personnel and monitor the day-to-day compliance with
Shariah resolutions. The staff in ISCU should have compliance-monitoring skills and relevant
knowledge of the Shariah. The IFI should also ensure that the ISCU is separate and independent
from the business units and departments.
SGS also suggested the establishment of an internal Shariah review/audit unit (ISRU) that is
similar to the IFI internal audit team but will report directly to the Shariah Board or Committee
rather than to the Audit Committee.
Additionally, IFSB suggested that an annual Shariah compliance review/audit be performed to
verify that the internal Shariah compliance review/audit has been carried out. Then, the findings
of the annual review need to be presented to the Shariah Board. IFSB give an alternative for IFI
to assign the annual Shariah review to a competent external auditor or external Shariah firm. The
appointed Shariah advisory firm is required to produce two reports:
a) general statement of compliance be included in the annual report of IFI
b) detailed account of compliance work undertaken and be submitted to the supervisory
authority (i.e. Central Bank, National Shariah Advisory Council)
It can be inferred that by assigning an external auditor or Shariah advisory firm to perform the
annual Shariah compliance review/audit, it give an indication of the importance of independence
and objectivity of the Shariah review/audit. This can only be made effective if the market have
sufficient external auditor or Shariah advisory firm with sufficient skills in audit, usul fiqh and
6

fiqh muamalat. Nonetheless, some may argue that there is the possibility that in a growing
Islamic financial industry, the supply of such firms are limited and thus, creating a situation
where the same Shariah advisory firm whom have provided Shariah advisory services to the
Shariah Board would end up providing Shariah review/audit services. Care should be taken by
IFI to ensure such situation do not arise so as to uphold the independence stature of Shariah
review/audit.
IFSB-10, however did not provide any guideline on the definition, scope and processes that
should be performed by the ISCU and ISRU. Nonetheless, it can be seen that the function of
ISCU is similar to the BNMs Shariah review function where it is a compliance check by the IFI
compliance team and report compliance findings to the Shariah Board or Committee. On the
other hand, ISRU functions are similar to the BNMs Shariah audit function whose duties are
similar to an internal audit department. However, ISRU report their findings to the Shariah Board
rather than to the Audit Committee.
The difference between IFSBs and BNMs stand on Shariah review/audit is that IFSB has allow
IFI the flexibility to appoint external auditor or Shariah advisory firm to perform such services
but BNM focuses on having Shariah audit being performed internally by the IFI themselves.

AAOIFI Standards on Shariah Review and Internal Shariah Review

The Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) has
issued two governance standards on Shariah review and audit for an IFI, namely Governance
Standard for Islamic Financial Institution (GSIFI) No. 2: Shariah Review and GSIFI No 3:
Internal Shariah Review.
As described in the AAOIFI GSIFI No 2: Shariah Review, the main purpose of Shariah review is
to ensure all operations of the IFI comply with Islamic Shariah rules and principles. The standard
defines Shariah review as an examination of the extent of the IFIs compliance in all its
activities, with the Shariah. This examination includes contracts, agreements, policies, products,
transactions, memorandum and articles of association, financial statements, reports (especially
internal audit and central bank inspection), circulars etc. AAOIFI is firm in establishing that the

performance of Shariah review requires close coordination between the Shariah Committee and
the external auditor.
AAOIFI GSIFI No. 2 also outlined in detail the Shariah review procedures to include planning,
executing and documenting conclusions and reporting. In planning the Shariah review, the
external auditor need to have complete understanding about the IFIs operation and obtain a list
of fatwas or Shariah resolutions, rulings and guidelines. The review procedures should cover all
activities, products, and locations of the IFI. Then, in the next stage is the execution of Shariah
review procedures, the external auditor among others review contracts, agreements, obtain
understanding of the IFI managements awareness, commitment and compliance control
procedures for adherence to the Shariah, and discuss findings with the IFIs management.
Finally, the external auditor should document the review procedures and submit to the Shariah
Committee for the preparation of Shariah Committee Report or Shariah Supervisory Board
Report that is presented to the shareholders.
In AAOIFI GSIFI No. 3: Internal Shariah Review, the standard covers guidance on the internal
Shariah review in IFI to ensure that the management of an IFI complies with the Shariah
principles. The internal Shariah review is to be carried out by an independent
division/department or part of the internal audit department. The IFI should ensure the internal
Shariah reviewers should have no executive authority or responsibility for the activities that they
review. Further, the internal Shariah review should have direct and regular communications with
all levels of management, Shariah Committee and external auditors.
The guideline also emphasizes the importance of professional proficiency of the internal Shariah
reviewers. The staff should be proficient and have appropriate educational background and
training relevant to internal Shariah review. This is because they are required to examine and
evaluate of the adequacy and effectiveness of the IFI system of internal Shariah control. The
guideline also proposed that internal Shariah review be performed according to four stages
planning documentation, examining and evaluating internal Shariah review information,
reporting and follow up.

AAOIFI has made it very clear that they emphasize on both the internal and external mechanism
of check and balance of the Shariah compliance by an IFI similar to the Shariah governance
framework put forth by IFSB.

Comparison of Shariah Review and Audit by BNM, IFSB and AAOIFI

Based on the preceding sections on the structure of Shariah review and audit, there are
similarities and differences between the guidelines and standards issued by BNM, IFSB and
AAOIFI as follows:

Table 2: Comparison of Shariah review and audit by BNM, IFSB and AAOIFI
BNM

IFSB 10

AAOIFI

Shariah audit function to be

performed by a department
similar to internal audit.

External
Shariah
compliance review by
external auditors (i.e. expost Shariah compliance
review)

Shariah review by
external auditors on all
activities of IFI GSIFI
No.
2;
Auditing
Standards for IFI No. 1

Internal
Shariah
compliance review by
Shariah control department
/
designated
internal
auditors
/
Shariah
reviewers

Internal
Shariah
Review
by
an
independent department
similar to internal audit
to examine adequacy &
effectiveness of Shariah
internal control system

Report to Board Audit

Committee
(BAC)
and
Shariah
Committee
on
Shariah matters
(there
is
no
statutory
requirement for external
auditors to undertake Shariah
audit)
Shariah review function /
compliance review by Shariah
officers.
Report to both management
& Shariah Committee

Internationally, the standard setter (AAOFI) and guideline provider (IFSB) called for external
attestation of Shariah compliance by the external auditors. On the other hand, BNM SGF
requires IFIs to practice Shariah audit function which is performed internally.
If one has to decide which from the practice of Shariah compliance review/audit (AAOFI and
IFSB) or Shariah audit (BNM) is better, two issues prevail; independence and scope of
review/audit.
The practice of AAOFI and IFSB results in greater independence and objective review of the
IFIs operations and Shariah compliance, as the external Shariah compliance review is performed
by the third party, minimizing the risk of self review threat. BNMs Shariah audit also lends
independence, albeit its nature as internal assurance. Shariah audit function is independent from
management as the Shariah auditors findings are reported to the BAC, Shariah Committee and
Board of Directors and not to the management.
In term of scope, the external attestation on Shariah compliance (IFSB) and Shariah review are
limited in scope as compared to the Shariah audit scope. For example, external Shariah review of
AAOFI involves the process of examining the extent of IFI compliance in all activities with the
Shariah principles that covers the audit of contracts, agreements, policies, products, transactions,
memorandum and articles of association, financial statements, reports (internal audit & central
bank inspection) and circulars. The scope of review is smaller as compared to the internal
Shariah audit requirement of BNMs SGF. To reiterate, the scope of Shariah audit includes:

Audit of financial statement of IFI

Compliance audit on organizational structure, people and information technology

application system

Review of adequacy of Shariah governance process

Finally, the lack of resources and dependable audit procedures may be among the considerations
for BNM did not require for external Shariah audit to be performed in IFIs. At current, no
examining body and qualification provider produce professional Shariah auditors who may
competently audit IFIs. In term of the technical implementation of Shariah audit, there is also no

10

detailed guide on how it is performed. This is due to the emerging nature of the Islamic finance
and banking.
Current structure and practice of Shariah Review and Audit in Malaysia and Middle East
This section of the paper will highlight the current structure and practices of Shariah review and
audit in Malaysia as disclosed in the annual report of the Bank Islam Malaysia Berhad (BIMB)
and Bank Muamalat Malaysia Berhad (BMMB) and compare it to Faisal Islamic Bank (FIB) and
Abu Dhabi Islamic Bank (ADIB) for financial year 2009. The selection of Malaysian banks were
based on their prominent status as the first and second Islamic bank established in Malaysia
whereas the FIB in Sudan and ADIB in United Arab Emirates were chosen to better understand
the AAOIFI requirements. The information compared is based on content analysis of the selected
annual reports.

Structure of Shariah review and audit in Bank Islam Malaysia Berhad

BIMB, in its 2009 Annual Report disclosed that they have developed a Shariah Compliance Risk
(SCR) Management Policy which consisted of structures such as Board Risk Committee,
Management Risk Control Committee, Shariah Compliance Risk Working Group (SCRWG),
Shariah Department (SD) and Shariah audit function of the Internal Audit Division (IAD) (pp.
88-89, 2009, Annual Report). However, there is no disclosure on the functions, scope and
process of the Shariah audit function in the Internal Audit Function Report (pp. 90-92, 2009,
Annual Report).

With regard to Shariah review practice, BIMB has established the SCRWG, which deliberates all
Shariah non-compliances identified by the SD and its rectification plans and recommends
standards of internal control and appropriate mechanism(s) to ensure effective and efficient
Shariah compliance risk management. SD also provides day-to-day Shariah advice to the
business and support units based on the decisions of the Shariah regulatory councils. Apart from
that, SD work independently of the business and support units in facilitating the process of
identifying, measuring, controlling and monitoring SCRs inherent in the BIMBs operations and
activities. The department also participates in conducting Shariah assessment, audit and other

11

activities together with other relevant business and risk management units, financing committees
and IAD.
Even though BNM guideline on Shariah Governance Framework is made effective 1 January
2011 but the practice of Shariah review and audit is evident in the disclosure of BIMB 2009
Annual Report.

Structure of Shariah review and audit in Bank Muamalat Malaysia Berhad

BMMB discloses in its 2009 Annual Report the establishment of Shariah Department and
Internal Audit Department without further explaining the duties, functions and the reporting
structure. Here, BMMB has adhered to the BNM disclosure requirement as per the Garis
Panduan 8 i (GP8-i), which is the Guideline on Financial Reporting. This is expected because
to date, there is no requirement from BNM to disclose Shariah review and audit practices in their
annual report. Further, the BNM Shariah Governance Framework was made effective only on 1
January 2011.

Structure of Shariah review and audit in Faisal Islamic Bank (Sudan)

FIB discloses the practice of Shariah Review as per AAOIFI GSIFI No. 2, which is external
Shariah audit performed by an independent external auditor as presented in the Auditors Report
(pp. 38, 2009 Annual Report). The report basically mentioned that the financial statements were
prepared in accordance to AAOIFI accounting standards and Islamic jurisprudence. However,
further information on internal Shariah review practices were not explicitly disclosed except that
it can be implied from Sharia Supervisory Board Report (pp. 37, 2009 Annual Report) that such
review has been performed in order for the Shariah Supervisory Board to conclude that all
contracts and operation of the bank, profit distribution and charging losses to investment
account, and zakat computation were in compliance with Islamic jurisprudence.

12

Structure of Shariah review and audit in Abu Dhabi Islamic Bank (United Arab Emirates)
ADIB discloses the practice of periodic internal Shariah audit in the Fatwa & Sharia
Supervisory Boards Report. The function is performed by the Shariah division, which covers
ADIBs executed transactions, namely contracts and operations, distribution of profits, and
assignment of unpermissable returns to charity (pp. 38, 20009 Annual Report). As ADIB
prepares their financial statements in accordance to the International Financial Reporting
Standard, the external audit report were as per International Standards of Auditing with no
explicit disclosure on external Shariah audit performed.
Based on the above comparative analysis, it is evident that that the differences in practices can be
attributed to the different legal and regulatory requirement. Even in the Malaysian context itself,
there appear to be some differences in disclosure practice as certain IFI would voluntarily
disclose while others adhere to the minimum disclosure as per BNM reporting guideline. Further,
we can see that even in the Middle Eastern countries, not all IFI decided to comply with the
AAOIFI standards. Nonetheless, such comparison give us an indication that Shariah review and
audit do have different meaning and scope in the Malaysian as well as in the international
context. It is hoped that the above comparison will provide insights into future research on the
practices of Shariah review and audit performed both locally and internationally.

Conclusion
It can be said that an ideal Shariah governance framework should have both the internal and
external mechanism. Having both mechanism would provide rigorous assurance to the
shareholders, investors and the public that IFIs operations, organizational structure, people and
information technology, in all material aspect are in compliance to Shariah principles and
requirements.
Nonetheless, the current regulatory requirements and practices by IFI is not far from ideal
because we can see the tremendous effort taken by BNM, IFSB and AAOIFI in issuing
guidelines and standards on corporate governance as well as Shariah governance. As the
Malaysian Islamic finance industry grows further, the government and BNM may need to
consider the necessity of having regulations and standards on Shariah external audit as well as
13

the establishment of a professional body of qualified Shariah auditors. Further research need to
be conducted to study such necessities as Malaysia aspires to become the Islamic Finance Hub in
the region.

References
Abu Dhabi Islamic Bank. (2009). Annual Report. United Arab Emirates.
Accounting and Auditing Organization for Islamic Financial Institutions. (1998). Auditing
Standard for Islamic Financial Institutions No.1:Objective and Principles of Auditing.
Bahrain.
Accounting and Auditing Organization for Islamic Financial Institutions. (1999). Governance
Standard for Islamic Financial Institutions No. 2: Sharia Review. Bahrain.
Accounting and Auditing Organization for Islamic Financial Institutions. (1999). Governance
Standard for Islamic Financial Institutions No. 3: Internal Sharia Review. Bahrain.
Bank Islam Malaysia Berhad. (2009). Annual Report. Malaysia.
Bank Muamalat Malaysia Berhad. (2009). Annual Report. Malaysia.
Bank Negara Malaysia. (2004). Guidelines on the Governance of Shariah Committee for the
Islamic Financial Institutions. Kuala Lumpur.
Bank Negara Malaysia. (2011). Shariah Governance Framework for Islamic Financial
Institutions. Kuala Lumpur.
Besar, M.H.A., Sukor, M.E.A., Muthalib, A. and Gunawa, A.Y. (2009). The Practice of Shariah
Review as Undertaken by Islamic Banking Sector in Malaysia. International Review of
Business Research Papers. 5(1), 294-306.
Faisal Islamic Bank. (2009). Annual Report. Sudan.
Islamic Financial Services Board. (2009). IFSB 10: Guiding Principles on Shariah Governance
Systems for Institutions Offering Islamic Financial Services. Kuala Lumpur

14