The Audit of International Commercial Ba Nks
Uploaded by
wveterrThe Audit of International Commercial Ba Nks
Uploaded by
wveterrTHE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
CONTENTS Paragraphs 1. 2. Introduction................................................................................................ Audit Objectives and the Audit Process The objectives ............................................................................................ The process................................................................................................. 3. Defining the Terms of the Engagement ............................................... 4. Planning the Audit Introduction................................................................................................ Gaining a knowledge of the client............................................................ Development of an overall audit plan...................................................... Co-ordinating the work to be performed................................................. 5. Establishing the Degree of Reliance on Internal Control Introduction................................................................................................ Identifying, documenting and testing control procedures ...................... Examples of controls ................................................................................. Inherent limitations of internal control.................................................... Considering the influence of environmental factors............................... Determining the nature, timing and extent of substantive tests ............. 6. Performing Substantive Procedures Introduction................................................................................................ Audit techniques ........................................................................................ Specific substantive procedure considerations........................................ 7. Reporting on the Financial Statements................................................ Appendices Examples of Internal Control Checklists to Assist in Assessing Three Typical Areas of a Banks Operations Examples of Financial Ratios Commonly Used in the Analysis of Bank Financial Condition and Performance Examples of Substantive Audit Procedures for the Evaluation of Loan Loss Provisions 1.1-1.7 2.1-2.3 2.4-2.5 3.1-3.3 4.1-4.2 4.3-4.12 4.13-4.26 4.27-4.28 5.1 5.2-5.12 5.13 5.14 5.15 5.16-5.19 6.1-6.2 6.3-6.10 6.11-6.29 7.1-7.3 I II III
This Statement has been prepared by the International Auditing Practices Committee (IAPC) of the International Federation of Accountants after consultation with the Basle Committee on Banking Supervision* (formerly known as the Committee on Banking Regulations and Supervisory Practices). It was approved for publication by the IAPC at its meeting in November 1989. It has a common release date of February 1990. The purpose of this Statement is to provide practical assistance to auditors in the audit of international commercial banks. It is not intended to have the authority of an International Standard on Auditing.
*The
Basle Committee on Banking Supervision comprises representatives of the central banks and supervisory authorities of the Group of Ten countries (Belgium, Canada, France, Germany, Italy, Japan, Netherlands, Sweden, Switzerland, United Kingdom and United States) and Luxembourg. The supervisory authorities of the countries represented on the Basle Committee attach considerable importance to thorough and reliable standards of external audit. However, there are considerable differences in the way in which individual supervisory authorities use the work of auditors in their supervisory arrangements. Some authorities have specific regulations relating to the scope of the audit and the suggestions made in this Statement are not intended to limit or alter those arrangements but it is hoped that they will be helpful guidance where auditors and supervisors are involved together in the supervisory process.
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
1. 1.1
Introduction The International Auditing Practices Committee (IAPC) of the International Federation of Accountants (IFAC) issues standards (ISAs) on generally accepted auditing practices and on related services and on the form and content of the auditors reports. These standards are intended to improve the degree of uniformity of auditing practices and related services throughout the world. The purpose of this Statement is to provide additional guidance to auditors by amplifying and interpreting these standards in the context of the audit of international commercial banks. It is not, however, intended to be an exhaustive listing of the procedures and practices to be used in such an audit. For the purpose of this Statement:
1.2
a bank is a type of financial institution that is recognized as a bank by the a commercial bank is a bank whose primary function is the acceptance of
regulatory authorities in the countries in which it operates and usually has the exclusive right to use the term bank as part of its name; deposits and the making of loans. A commercial bank will often also offer other financial services such as the purchase and sale of precious metals, foreign currencies and a wide range of financial instruments, the issuance and acceptance of bills of exchange and the issuance of guarantees; and operating offices in countries other than the country of its incorporation or whose activities transcend national boundaries.
an international commercial bank is a commercial bank which has
1.3 While this Statement is primarily directed to the audits of international commercial banks, it has relevance also to the audits of commercial banks which operate solely in one country. The term bank is henceforth used in this Statement to mean an international commercial bank. Banks have the following characteristics which generally distinguish them from most other commercial enterprises:
1.4
They have custody of large volumes of monetary items, including cash and
negotiable instruments, whose physical security has to be assured. This applies both to the storage and the transfer of monetary items and makes banks vulnerable to misappropriation and fraud. They therefore need to establish formal operating procedures, well defined limits for individual discretion and rigorous systems of internal control.
They engage in a large volume and variety of transactions both in terms of
number and value. This necessarily requires complex internal control and in particular, the entitys information system and related business processes relevant to financial reporting, and widespread use of electronic data processing.
They normally operate through a wide network of branches and
departments which are geographically dispersed. This necessarily involves a greater decentralization of authority and dispersal of financial reporting and internal control functions, with consequent difficulties in maintaining
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
uniform operating practices and information systems, particularly when the branch network transcends national boundaries.
They often assume significant commitments without any transfer of funds.
These items, normally called off-balance-sheet items, may not involve accounting entries and consequently the failure to record such items may be difficult to detect.
They are regulated by governmental authorities and the resultant
regulatory requirements often influence generally accepted accounting principles and auditing practices within the industry. 1.5 Special audit considerations arise in the audits of banks because of:
the particular nature of the business risks associated with the transactions
undertaken by banks;
the scale of banking operations and the resultant significant exposures
which can arise within short periods of time;
the extensive dependence on computerized systems to process transactions; the effect of the regulations in the various jurisdictions in which they
operate; and
the continuing development of new products and banking practices which
may not be matched by the concurrent development of accounting principles and auditing practices. 1.6 In many countries banks undertake activities which are not strictly banking activities and which may not be restricted to banks. These activities include insurance, securities brokerage and leasing services. This Statement is not intended to provide guidance in the audit of such activities. This Statement is organized into a discussion of the various stages of the audit of a bank with emphasis being given to those matters which are either peculiar to or of particular importance in such an audit. Also included for illustrative purposes are Appendices which contain examples of:
1.7
typical control procedures likely to exist in three of the major operating
areas of a bank, being the lending, foreign exchange trading and trust activities; condition and performance; and
financial ratios commonly used in the analysis of a banks financial substantive procedures for the evaluation of loan loss provisions.
2. Audit Objectives and the Audit Process The objectives 2.1 ISA 200 Objective and General Principles Governing an Audit of Financial Statements states: The objective of an audit of financial statements is to enable the auditor to express an opinion whether the 3 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework. 2.2 The basic objective of the audit of a bank is therefore to render an opinion based on ISAs or relevant national standards or practices establis hed within the country (relevant auditing standards) on the banks annual financial statements which are prepared in accordance with IASs or applicable financial reporting framework (relevant accounting principles), to the extent they are applicable to banks. The auditor of a bank is also often required to make special purpose reports to banking supervisory and other regulatory authorities. The requirements for such reports vary significantly between countries and this Statement is not intended to provide guidance in the discharge of the auditors responsibilities for such reports.
2.3
The process 2.4 In carrying out the work required to form an opinion on a banks financial statements, the auditors work will be divided into several distinct phases, as contemplated in the ISAs. A schematic representation of these phases is as follows:
2.5
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Defining the terms of the engagement
Planning gaining a knowledge of the client development of an overall plan co-ordinating the work to be performed
Establishing the degree of reliance on internal control identifying, documenting and testing control procedures considering the influence of environmental factors determining the nature, scope and extent of the required substantive procedures
Performing substantive procedures
Reporting on the financial statements
3. 3.1
Defining the Terms of the Engagement As stated in ISA 210 Terms of Audit Engagements: The engagement letter documents and confirms the auditors acceptance of the appointment, the objective and scope of the audit, the extent of the auditors responsibilities to the client and the form of any reports.
3.2
In considering the objective and scope of the audit and the extent of his responsibilities, the auditor needs to assess his own skills and competence and that of his staff to conduct the engagement. In making such an assessment, the auditor should consider the following factors:
the availability of sufficient expertise in the aspects of banking relevant to
the audit of the business activities of the bank;
the adequacy of expertise in the context of the computer information
systems (CIS) and electronic funds transfer (EFT) systems used by the bank; and 5 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
the adequacy of resources and/or inter-firm arrangements to carry out the
work necessary at the number of domestic and international locations of the bank at which audit procedures are likely to be required. 3.3 In issuing an engagement letter, the auditor should, in addition to the general factors set out in ISA 210 Terms of Audit Engagements, consider including comments on the following:
the use and source of specialized accounting principles, with particular
reference to:
any requirements contained in the law or regulations applicable to
banks;
pronouncements of the banking supervisory and other regulatory
authorities and relevant professional accounting bodies; and industry practice;
the contents and format of any special purpose reports required in addition
to the annual financial statements, including the application of special purpose accounting principles and/or special purpose auditing procedures; and auditor and the banking supervisory and other regulatory authorities. 4. Planning the Audit
the nature of any special reporting relationships that may exist between the
Introduction 4.1 ISA 300 Planning states: The auditor should plan the audit work so that the audit will be performed in an effective manner. Plans should be made to cover, among other things:
performing risk assessment procedures to obtain an understanding of the
entity and its environment, including its internal control;
assessing the level of audit risk which includes the risk that material
misstatements will occur and the risk that any remaining material misstatements will not be detected by the auditor;
determining and programming the nature, timing and extent of the audit
procedures to be performed; and
considering the going concern assumption regarding the entitys ability to
continue in operation for the foreseeable future, generally for a period not exceed one year after the balance sheet date. Plans should be further developed and revised as necessary during the course of the audit.
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
4.2
ISA 300 Planning and ISA XX, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, amplify that principle, primarily in the context of recurring audits.
Risk Assessment Procedures 4.3 Obtaining an understanding of the bank entity and its environment will require the auditor to understand:
the economic and regulatory environment prevailing for each of the
countries in which the bank operates; and
the market conditions existing in each of the sectors in which the bank
operates. 4.4 Similarly the auditor will need to acquire and maintain a good working knowledge of the products and services offered by the bank. In acquiring and maintaining that knowledge, the auditor needs to be aware of the many variations in the basic deposit, loan and treasury services that are offered and continue to be developed by banks in response to market conditions. To do so, the auditor needs to understand the nature of services rendered through instruments such as letters of credit, acceptances, interest rate future, forward and swap contracts, and other similar instruments in order to understand the inherent risks and accounting implications thereof. Often a banks loan portfolio has large concentrations of credits to highly specialized industries such as real estate, shipping and natural resources. Evaluating the nature of these may require an understanding of the business and reporting practices of those industries. There are a number of business risks associated with banking activities which, while not unique to banking, are sufficiently important in that they serve to shape banking operations. An understanding of the nature of these risks is fundamental to the auditors performance of the audit as it enables the auditor to assess the risk of material misstatement associated with different aspects of a banks operations and assists in designing further audit procedures in response to assessed risks. The business risks associated with banking activities can be broadly grouped into:
4.5
4.6
4.7
product and service risks; and operating risks.
Some of the important risks in both categories are discussed in subsequent paragraphs.
Product and service risks
4.8 The most significant product and service risk in a bank is usually credit risk, which is the risk that a customer or counterparty will not settle an obligation
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
for full value, either when due or at a time thereafter. Credit risk also ny includes:
country or transfer risk
the risk of foreign customers and counterparties failing to settle their obligations due to economic, political and social factors of the foreign country and external to the customer or counterparty; the risk of failure of a customer or counterparty to perform the terms of a contract. This failure creates the need to replace the failed transaction with another at the current market price. This may result in a loss to the bank equivalent to the difference between the contract price and the current market price; and the risk that one side of a transaction will be settled without value being received from the customer or counterparty. This will result in the loss to the bank of the full principal amount.
replacement risk
settlement risk
To address credit risk, banks have complex and comprehensive systems and procedures devoted to the various aspects of the credit function, including those activities relating to:
origination and disbursement; monitoring; collection; and periodic review and evaluation.
4.9 A large portion of the audit effort will typically be devoted to assessing credit risk and in this regard, the auditor needs to be aware that credit risk will also exist in assets other than loans, such as investments and balances due from other banks and also in off-balance sheet commitments. Other product and service risks include:
4.10
interest rate risk
the risk of loss arising from the sensitivity of earnings to future movements in interest rates. It comprises two elements, being: a. income risk, which is the risk of loss arising when movements in borrowing and lending rates are not perfectly synchronized; and investment risk, which is the risk of loss arising from a change in the value of fixed income securities as a result 1006
b.
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
of interest rate changes.
liquidity risk currency risk
the risk of loss arising from the possibility of the bank not having sufficient funds to meet its obligations; the risk of loss arising from movements in the exchange rates applicable to foreign currency assets, liabilities, rights and obligations; the risk of loss arising from movements in market prices of investments; and the risk of loss arising from factors such as failure to maintain safe custody or negligence in the management of assets on behalf of other parties.
market risk fiduciary risk
4.11
Banking product and service risks increase with the degree of concentration of a banks exposure to any one customer, industry, geographic area or country. Operating risks, primarily arise out of:
Operating risks
4.12
the need to process high volumes of transactions accurately within short
time-frames. This need is almost always addressed through the use of large-scale CIS, with the resultant risks of: causing an inability to receive or make payments for those transactions;
wide-scale error arising from a breakdown in internal control; loss of data arising from system failure; corruption of data arising from unauthorized interference with the
failure to process executed transactions within required time-frames,
system; and exposure to market risks arising from lack of reliable up-to-date financial information.
the need to use EFT systems to transfer ownership of large volumes of
money, with the resultant risk of exposure to loss arising from mispayments through fraud or error; geographic dispersion of transaction processing and internal controls. As a result: product may not be adequately aggregated and monitored; and
the conduct of operations in a number of locations with a resultant
there is a risk that the banks worldwide exposure by customer and by control breakdowns may occur and remain undetected and uncorrected
because of the physical separation between management and those who handle the transactions.
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
the need to monitor and manage significant exposures which can arise over
short time -frames. The process of clearing transactions may cause a significant build -up of receivables and payables during a day, most of which are completed by the end of the day. This is usually referred to as intra-day payment risk. The nature of these exposures can arise from transactions with customers and counterparties and can include interest rate, currency and market risks;
the dealing in large volumes of monetary items, including cash, negotiable
instruments and transferable customer balances, with the resultant risk of loss arising from theft and fraud by employees or other parties; the exposure to:
the use of high gearing (i.e., high debt-to-equity ratios), which results in
the risk of significant erosion of capital resources as a result of a
relatively small percentage loss in asset value;
the risk of being unable to obtain the funds required to maintain
operations at a reasonable cost as a result of a loss of depositor confidence; and
the inherent complexity and volatility of the environment in which banks
operate, resulting in the risk of inappropriate risk management strategies in relation to such matters as the development of new products and services.
the need to adhere to laws and regulations. The failure to do so could result
in exposure to sanctions in the nature of fines or operating restrictions. Development of an overall audit plan 4.13 In developing an overall plan for the audit, the auditor needs to give particular attention to:
the determination of materiality; the assessment of the risk of material misstatement; the expected degree of reliance on internal control; the extent of CIS and EFT systems used by the bank; the work of internal audit; the complexity of the transactions undertaken by the bank and the
documentation in respect thereof;
the existence of significant areas of audit concern not readily apparent
from the banks financial statements;
the existence of related party transactions; the involvement of other auditors; managements representations; and the work of supervisors.
10 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
These matters are discussed in subsequent paragraphs.
Materiality
4.14 In making an assessment of materiality, in addition to the considerations set out in ISA 320 Audit Materiality, the auditor must keep in mind that:
because of high gearing, relatively small errors may have a significant
effect on the statement of earnings and on capital, though they may have an insignificant effect on the balance sheet itself;
as the net income of a bank is low when compared to its gross assets and
liabilities and its off balance sheet commitments, errors which relate only to assets, liabilities and commitments may be less significant than those which could also relate to the statement of earnings; and
banks are often subject to regulatory requirements, such as the requirement
to maintain minimum levels of capital. It would therefore be necessary to set materiality levels which should identify errors and audit differences which, if uncorrected, would result in a significant contravention of such regulatory requirements.
Audit Risk
4.15 The risks associated with banking activities as discussed in paragraphs 4.7 to 4.12 indicate that, in most cases, there is a higher risk of material misstatement. It is therefore necessary to evaluate the design of the banks internal control and determine whether it has been implemented. The auditors understanding of internal control may raise doubts about the auditability of the banks financial statements. The risks of material misstatement exists independently of the audit of financial information and cannot be controlled by the auditor. However, the auditor can assess these risks and so design audit procedures as to produce an acceptable level of detection risk. The extent of CIS and EFT systems 4.16 The high volume of transactions and the short time-frames in which they must be processed typically result in the extensive use by most banks of CIS and EFT systems. The characteristics and control concerns arising from the use of CIS by a bank are similar to those arising when such systems are used by other organizations. However, the matters which are of particular concern to the auditor of a bank include:
the use of CIS to calculate and record substantially all the interest income
and interest expense, which are normally the two most important elements in the determination of a banks earnings;
the use of CIS to determine the foreign exchange and security trading
positions and to calculate and record the gains and losses arising therefrom; and 11 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
the extensive, almost total, dependence on the records produced by the CIS
because they represent the only readily accessible source of detailed up-todate information on the banks assets and liability positions, such as customer loan and deposit balances. EFT systems are used by banks both internally, for example, for transfers between branches and between automated banking machines and the central computerized file which records account activity, and externally between the bank and other financial institutions, for example, through the SWIFT network. In order to properly evaluate internal control and to determine the nature, timing and extent of further audit procedures, the auditor needs to be aware of the extent and manner in which CIS and EFT systems are used by the banks.
Reliance on internal control
4.17 In performing further audit procedures, the auditor generally cannot rely solely on substantive procedures alone because of:
the high volume of transactions entered into by banks; the manner in which transactions are entered into by banks; the geographic dispersion of banks operations; and the extensive use of CIS and EFT systems.
In most situations the auditor will therefore need to place significant reliance on the banks internal control. To do so the auditor will need to carefully evaluate internal control to determine the degree of reliance to place upon the same in determining the nature, timing and extent of other audit procedures.
The work of internal audit
4.18 While the scope and objectives of internal audit can vary widely depending upon the size and structure of the bank and the requirements of those charged with governance and its management, its role normally includes the review of the information system relevant to financial reporting and related control procedures and monitoring their operation and recommending improvements thereto. It also generally includes a review of the means used to identify, measure and report financial and operating information and specific inquiry into individual items including detailed testing of classes of transactions, account balances and relevant control procedures. The factors which often require the auditor to place significant reliance on the banks internal control, will also often require the auditor to use the work of the internal auditor. This is especially relevant in the case of banks which have a large geographic dispersion of branches. Often, as a part of the internal audit department or as a separate component, a bank has a loan review department which reports to management on the quality of loans and the adherence to established procedures in respect thereof. In either case, the auditor will often wish to make use of the work of this department. Detailed guidance on the use of the work of an internal auditor is provided in ISA 610 Considering the Work of Internal Auditing. 12 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
The complexity of transactions undertaken
4.19 Banks undertake transactions which have complex and important underlying features which may not be apparent from the documentation which is used to process the transactions and to enter them into the banks accounting records. This results in the risk that all aspects of a transaction may not be fully or correctly recorded, with the resultant risks of:
loss due to the failure to take timely corrective action; failure to record adequate provisions for loss on a timely basis; and inadequate or improper disclosure in the financial statements and other
reports. Accordingly, the auditor needs to acquire a good understanding of the nature of the transactions and the types of documentation that need examination.
The existence of significant areas of audit concern not readily apparent
4.20 Banks also typically engage in transactions which:
have a low fee revenue or profit element as a percentage of the principal
exposure; and
may not be required by local regulations to be disclosed in the balance
sheet, or even in the notes to the financial statements. Examples of such transactions are guarantees, comfort letters and letters of credit, interest rate and currency swaps and commitments and options to purchase and sell foreign exchange. 4.21 The auditor should review the banks sources of revenue, evaluate the related internal control and perform sufficient audit procedures to obtain reasonable assurance regarding:
the completeness of the accounting records relating to such transactions; the existence of proper controls to limit the banking risks arising from such
transactions;
the adequacy of any provisions for loss which may be required; and the adequacy of any financial statement disclosures which may be
required.
Related party transactions
4.22 The auditor needs to be particularly aware of the risk that where transactions with related parties exist, normal measures of banking prudence, such as credit assessment and the taking of security, may not be appropriately exercised. Management is responsible for the identification and disclosure of related parties. The auditor needs to perform audit procedures to obtain reasonable assurance that:
all significant related parties and related party transactions are identified;
13
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
all such transactions, including their terms and conditions, are properly
authorized and appropriately recorded and disclosed in the banks financial statements; and
the resultant balances outstanding are collectible.
The auditor also needs to be aware of any regulatory guidance or restrictions on related party transactions. ISA 550 Related Parties, defines related parties and provides detailed guidance as to the issues to be considered and the procedures to be performed in respect of related parties. Involvement of other auditors 4.23 As a result of the wide geographic dispersion of offices in most banks, it will often be necessary for the auditor to employ the services of other auditors in a number of the locations in which the bank operates. This is most likely to be achieved through the use of other offices of the auditors firm or through the use of other auditing firms in those locations. Where the auditor is relying on the work of another auditor, he will need to:
4.24
be satisfied as to the independence of those auditors and their competence
to undertake the necessary work (including their knowledge of banking);
ensure that the terms of the engagement, the accounting principles to be
applied and the reporting arrangements are clearly communicated; and
perform procedures to obtain reasonable assurance that the work
performed by the other auditor is adequate for his purpose by discussion with the other auditor, by a review of a written summary of the procedures applied and findings, by a review of the working papers of the other auditor, or in any other manner appropriate to the circumstances.
ISA 600 Using the Work of Another A uditor provides more detailed guidance on the issues to be addressed and procedures to be performed in such situations.
Managements representations
4.25 Managements representations are relevant in the context of a bank audit to assist the auditor in determining whether the information and audit evidence produced to him is complete for the purposes of his examination. This is particularly true of the banks transactions which are not normally reflected in the financial statements, but which may be evidenced by other records of which the auditor may not be aware. It is often also necessary for the auditor to obtain from the management representations regarding significant changes in the banks business and its risk profile and also to identify areas of a banks operations where audit evidence likely to be obtained may need to be supplemented by managements representations. ISA 580 Management Representations provides guidance as to the use of management representations as audit evidence, the procedures that the auditor should apply in evaluating and documenting them, and the circumstances in which representations should be obtained in writing.
14
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
The work of supervisors
4.26 There are many tasks performed by auditors and bank supervisors which are common in nature, including:
the performance of analytical procedures; the obtaining of assurance regarding the existence satisfactory internal
control structure; and risks. The auditor would therefore find it advantageous to interact with the supervisors and to have access to communications which the supervisors may have addressed to the bank management on the results of their work. The assessment made by the supervisors in important areas such as the adequacy of provisions for bad and doubtful loans and the prudential ratios used by the supervisors can be of assistance to the auditor in performing analytical reviews and in focusing attention on specific areas of supervisory concern. The International Auditing Practice Statement 1004 The Relationship Between Bank Supervisors and External Auditors issued in July 1989 by the IAPC in association with the Basle Committee provides information and guidance on the relationship between bank auditors and supervisors. Co-ordinating the work to be performed 4.27 Given the size and geographic dispersion of most banks, the co-ordination of the work to be performed will be important in achieving an efficient and effective audit. The co-ordination required s hould take into account the following factors:
the review of the quality of a banks assets and the assessment of banking
the work to be performed by:
various members of the auditors staff; other offices of the auditors firm; and other audit firms;
the extent to which it is proposed to use the work of the internal auditor; required reporting dates to shareholders and the regulatory authorities; and the need for any special analyses and other documentation to be provided
by bank management. 4.28 The best level of co-ordination between senior staff involved in the audit can often be achieved by audit planning and regular audit-status meetings. However, given the number of staff involved in the audit and the number of locations at which they will be involved, the auditor will usually find it most effective to communicate all or relevant portions of the audit plan in writing. When setting out his requirements in writing, the auditor should consider including commentary on the following matters:
15
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
the financial statements and other information which is to be subjected to
audit (and if considered necessary, the authority under which the audit is being conducted);
details of any additional information needed by the auditor [e.g.,
information on certain loans, portfolio composition, narrative commentary on the audit work performed (especially on the areas of risk described in paragraphs 4.7 to 4.12 which are important to the bank) and on the results of the operation, points for inclusion in letters to management on internal control, local regulatory concerns, income tax assessment status reports], and if relevant, the formats of any required reports;
the relevant auditing standards to be applied to the work conducted (and, if
considered necessary, information on those standards);
the relevant accounting principles to be followed in the preparation of the
financial statements and other information (and, if considered necessary, the details of those principles);
interim audit status reporting requirements and deadlines; particulars of clients officials to be contacted; fee and billing arrangements; and any concerns of a regulatory, internal control, accounting or audit nature of
which the local auditor should be aware. 5. Establishing the Degree of Reliance on Internal Control
Introduction 5.1 Managements responsibilities include the maintenance of adequate internal control, the selection and application of accounting policies, and the safeguarding of the assets of the entity. The auditor is required to obtain a sufficient understanding of the internal control to plan the audit and develop an e ffective audit approach. After obtaining the understanding, the auditor should consider the assessment of control risk to determine the appropriate detection risk to accept for the financial statement assertions and to determine the nature, timing and ext ent of substantive procedures for such assertions. Where the auditor assesses control risk at a lower level, substantive procedures would normally be less extensive than would otherwise be required and may also differ as to their nature and timing. Identifying, documenting and testing the operating effectiveness of control procedures 5.2 ISA 400 Risk Assessments and Internal Control sets out four objectives of internal controls, as follows:
transactions are executed in accordance with managements general or
specific authorization;
16
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
all transactions and other events are promptly recorded in the correct
amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of financial statements in accordance with an identified financial reporting framework;
access to assets is permitted only in accordance with managements
authorization; and
recorded assets are compared with the existing assets at reasonable
intervals and appropriate action is taken regarding any differences. In the case of banks, a further objective is to ensure that the bank adequately fulfills its fiduciary responsibilities arising out of its trustee activities. The audit considerations in relation to each of these objectives are discussed in the subsequent paragraphs.
Transactions are executed in accordance with managements general or specific authorization.
5.3 The primary responsibility for the control structure in a bank rests with the board of directors and its committees which are responsible for governing the banks operations. However, since the operations of banks are generally large and geographically dispersed, decision-making functions need to be decentralized and the authority to commit the bank to material transactions is usually dispersed geographically and delegated among the various levels of management and staff. Such dispersion and delegation will almost always be found in the lending, treasury and funds transfer functions, where, for example, payment instructions are sent via a tested message. This feature of banking operations creates the need for a structured system of delegation of authority, resulting in the formal identification and documentation of:
employees who can authorize specific transactions; procedures to be followed in granting that authorization; and limitations on the amounts that can be authorized, by individual employee
and/or by staff level, as well as any requirements that may exist for concurring authorization. It also creates the need to ensure that appropriate procedures exist for monitoring the level of exposures. This will usually involve the aggregation of exposures, not only within, but across the different activities, departments and offices of the bank. 5.4 An examination of the authorization controls will be important to the auditor in satisfying himself that transactions have been entered into in accordance with the banks policies and, for example, in the case of the lending function, that they have been subject to appropriate credit assessment procedures prior to the disbursement of funds. The auditor will typically find that limits for levels of exposures will exist in respect of various transaction types. The auditor will wish to ensure that these limits are reasonable, are being adhered to and that positions in excess of these limits are reported to the appropriate level of management on a timely basis.
17
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
5.5
From an audit perspective, the proper functioning of a banks authorization controls will be particularly important in respect of transactions entered into near the date of the financial statements, where aspects of the transaction will have yet to be fulfilled, or where there is a lack of evidence on which to assess the value of the asset acquired or liability incurred. Examples of such transactions are commitments to purchase or sell specific securities after the year-end and loans, where principal and interest payments from the borrower have yet to fall due.
All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of financial statements in accordance with an identified financial reporting framework.
5.6 In assessing the appropriateness of the individual internal controls used to ensure that all transactions are properly recorded, the auditor will need to take into account a number of factors which are especially important in a banking environment. These are as follows:
Banks deal in large volumes of transactions, which can individually and
cumulatively involve large amounts of money. Accordingly, the bank will need to have balancing and reconciliation procedures which are operated within a time-frame that provides the ability to detect errors and discrepancies so that they can be investigated and corrected with a minimal risk of loss to the bank. Such procedures may be operated hourly, daily, weekly, or monthly, depending on the volume, nature of the transaction, level of risk, and transaction settlement time-frame. accounting rules. It will therefore be necessary to have control procedures in place to ensure those rules are applied in a manner and in a time-frame which results in the generation of accounting entries that may be required for the preparation of appropriate financial information for management and external reporting. Examples of such control procedures are those which result in the market revaluation of foreign exchange and security purchase and sale commitments so as to ensure that all unrealized profits and losses are recorded.
Many of the transactions entered into by banks are subject to specialized
Many transactions entered into by banks are not disclosed in the balance
sheet or even in the notes to the financial statements. Accordingly, control procedures must be in place to ensure that such transactions are recorded and monitored in a manner which provides management with the required degree of control over them and which allows for the prompt determination of any change in their status which needs to result in the recording of a profit or loss.
New financial products and services are constantly being developed by
banks. The auditor needs to obtain reasonable assurance that necessary revisions are made in accounting procedures and related internal controls. processed through the systems or of the maximum exposure to loss during the course of a business day. This is particularly relevant in executing and 18 1006
End of day balances may not be indicative of the volume of transactions
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
processing foreign exchange and securities transactions. Assessment of controls in these areas must take into account the ability to maintain control during the period of maximum volumes or maximum financial exposure.
The majority of banking transactions must be recorded in a manner which
is capable of being verified both internally and by the banks customers and counterparties. The level of detail to be recorded and maintained on individual transactions must allow for bank management, transaction counterparties, and the banks customers to verify the accuracy of the amounts. An example of such a control is the continuous verification of foreign exchange trade tickets by having an independent employee match them to incoming confirmations from counterparties.
5.7
The extensive use of CIS and EFT systems will have a significant effect on how the auditor evaluates a banks accounting system and related internal controls. ISA 400 Risk Assessments and Internal Control, and International Auditing Practice Statement 1008 Risk Assessments and Internal Control CIS Characteristics and Considerations, provide guidance on the CIS aspects of such an evaluation. In carrying out his study and evaluation of the CIS, the auditor will need to ensure that his procedures include an assessment of those controls which affect system development and modifications, system access and data entry, the security of communications networks, and contingency planning. To the extent that the use of EFT is within the bank, similar considerations will apply. To the extent that the EFT systems are external to the bank, the auditor will need to give additional emphasis to the assessment of the integrity of pre-transaction supervisory controls and post-transaction confirmation and reconciliation procedures.
Access to assets is permitted only in accordance with managements authorization.
5.8 The assets of a bank are often readily transferable, of high value and of a form which cannot be safeguarded solely by physical procedures. In order, therefore, to ensure that access to assets is permitted only in accordance with managements authorization, a bank generally uses controls such as:
passwords and joint access arrangements to limit CIS and EFT system
access to authorized employees;
segregation of the record-keeping and access functions (including the use
of computer generated transaction confirmation reports available immediately and only to the employee in charge of the record-keeping functions); and an independent employee.
frequent third-party confirmation and reconciliation of asset positions by
5.9 The auditor will need to obtain reasonable assurance that each of these controls is operating effectively. However, given the materiality and transferability of the amounts involved, he will also usually wish to review and/or participate in the confirmation and reconciliation procedures that occur in connection with the preparation of the year-end financial statements. 19 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken regarding any differences.
5.10 The large amounts of assets handled by banks, the volumes of transactions undertaken, the potential for changes in the value of those assets due to fluctuations in market prices and the importance of confirming the continued operation of access and authorization controls will necessitate the frequent operation of reconciliation controls. This will have particular importance in regard to:
assets in negotiable form, such as cash, bearer securities and assets in the
form of deposit and security positions with other institutions where failure to detect errors and discrepancies on a timely basis (which may be daily where money market transactions are involved) could lead to an irrecoverable loss. The reconciliation procedures used to achieve this control objective will normally be based on physical counting and third party confirmation; and
assets whose value is determined with reference to external market prices,
such as securities and foreign exchange contracts. 5.11 In designing an audit strategy to assess the effectiveness of a banks reconciliation controls, the following factors should be considered:
Because of the number of accounts requiring reconciliation and the
frequency with which these reconciliations need to be performed:
a large portion of the audit effort will need to be directed to the
documentation, testing and evaluation of the reconciliation controls; and
the work of the internal auditor will also be similarly directed. The
auditor therefore can usually make use of the work of the internal auditor.
Since reconciliations are cumulative in their effect, most reconciliations
can be satisfactorily audited at the year-end date, assuming that they are prepared as at that date, within a time-frame useful to the auditor and that the auditor is satisfied that the reconciliation control procedures are effective.
The auditor needs to obtain reasonable assurance in examining a
reconciliation that items have not been improperly transferred to other accounts which are not subject to reconciliation and investigation in the same time -frame.
Fiduciary duties are adequately fulfilled
5.12 The main objectives of internal control with regard to the fiduciary activities of a bank are to ensure that:
all duties arising from fiduciary relationships are adequately fulfilled; and all assets in the banks custody, arising from fiduciary relationships are
adequately safeguarded and properly recorded.
20
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
An essential feature of the system is the proper segregation of fiduciary assets from the banks own assets and the discharge of fiduciary responsibilities by a separate department or by a subsidiary of the bank. Examples of controls 5.13 Appendix 1 to this Statement contains examples of controls over authorization, recording, access and reconciliation normally found n the i credit, foreign exchange trading and trust activities of a bank.
Inherent limitations of internal control 5.14 ISA 400 Risk Assessments and Internal Control describes the procedures to be followed by the auditor in identifying, documenting and testing internal controls. In doing so, the auditor should be aware of the inherent limitations of internal control and of the fact that in the context of a banks operations there may be transactions which are of such a size and importance to the banks financial statements that reliance on the results of testing internal control alone cannot replace the need to have actual inspection of the underlying documentation.
Considering the influence of environmental factors 5.15 In assessing the effectiveness of specific control procedures, the auditor should consider the environment in which internal control operates. Some of the factors which may be considered are:
the organizational structure of the bank and the manner in which it
provides for the delegation of authority and responsibilities;
the quality of management supervision; the extent and effectiveness of the internal audit system; the quality of key personnel; and the degree of inspection by supervisory authorities.
Determining the nature, timing and extent of substantive tests 5.16 As a result of his evaluation of the system of internal control, the auditor should be in a position to determine the nature, timing and extent of the substantive tests to be performed on individual account balances and other information contained in the banks financial statements. The risks and factors that served to shape the banks systems of internal control will need to be considered by the auditor in designing these substantive tests. In addition, there are a number of audit considerations significant to these risk areas to which the auditor should direct his attention. These are discussed in subsequent paragraphs. In addressing the audit considerations affecting product and service risks, the auditor should consider the need to:
5.17
physically examine, confirm and reconcile negotiable items as of the yearend date;
21
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
specifically test balances which are individually significant through
procedures such as examinations of underlying documentation and thirdparty confirmations; and
examine post year-end transactions and events for evidence of impairment
of value at the year-end date. 5.18 In addressing the audit considerations affecting operating risks, the auditor should consider the need to:
carry out certain tests prior to the year-end in order to complete the audit
on a timely basis;
use computer-assisted audit techniques such as the use of interrogation
software to achieve the desired extent of testing in the time-frame available;
use statistical sampling techniques where there are a large number of
homogeneous accounts or transactions of which the auditor wishes to examine a representative sample;
use analytical review techniques to detect conditions of audit concern. This
may be more cost efficient than to test a satisfactory sample of items;
be satisfied as to the appropriate reconciliation of asset and liability
accounts with counterparties (i.e., nostro and vostro accounts with other banks) so as to provide assurance on the propriety and accuracy of completed transactions with those counterparties;
establish a basis of reliance on the work of the internal auditor as a means
of obtaining satisfactory coverage both geographically and in terms of the extent of transaction and account balance coverage;
ensure that audit staff and representatives conducting examinations at other
locations of the bank are appropriately instructed and that the results of their work are properly reviewed;
ensure that all significant principal positions and related unrealized profits
and losses have been recorded;
be satisfied as to the viability of the bank by considering evidence of
factors such as funding difficulties which could call into question the going-concern assumption;
assess the implications on the banks financial position of non-compliance
with regulatory rules and guidelines; and
assess the implications on the banks position of non-compliance with its
fiduciary duties, with particular reference to those duties relating to the safekeeping of assets held in trust. 5.19 The above considerations generally determine the specific substantive procedures to be carried out by the auditor. These are further discussed in Section 6.
22
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
6.
Performing Substantive Procedures
Introduction 6.1 The nature, timing and extent of the specific substantive procedures to be performed on the financial statement balances will be based on the auditors assessment of inherent and control risk. As stated in ISA 500 Audit Evidence: Substantive procedures means tests performed to obtain audit evidence to detect material misstatements in the financial statements and are of two types: (a) (b) tests of details of transactions and balances; and analytical procedures.
6.2
ISA 500 Audit Evidence goes on to state: When obtaining audit evidence from substantive procedures, the auditor should consider the sufficiency and appropriateness of audit evidence from such procedures together with any evidence from tests of control to support financial statement assertions. Financial statement assertions are assertions by management, ex plicit or otherwise, that are embodied in the financial statements. They can be categorized as follows: Existence Rights and Obligations an asset or a liability exists at a given date an asset or a liability pertains to the entity at a given date a transaction or event took place which pertains to the entity during the period there are no unrecorded assets, liabilities, transactions or events, or undisclosed items an asset or liability is recorded at an appropriate carrying value
Occurrence
Completeness
Valuation
23
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Measurement
a transaction or event is recorded at the proper amount and revenue or expense is allocated to the proper period an item is disclosed, classified, and described in accordance with the applicable, financial reporting framework
Presentation and Disclosure
Audit techniques 6.3 To address the assertions discussed above, the auditor will find that the procedures particularly important to the examination of a banks accounts are:
analytical procedures; inspection; and inquiry and confirmation.
A discussion of their application in a bank audit context is contained in the following paragraphs:
Analytical Procedures
6.4 As defined by ISA 500 Audit Evidence, analytical procedures consist of the analysis of significant ratios and trends including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate from predicted amounts. A bank will invariably have individual assets (e.g., loans and, possibly, investments) which are of such a size that the auditor will wish to examine their documentation individually. However, in respect of most items, the use of analytical procedures techniques will prove to be a particularly important and useful procedure for the following reasons:
6.5
Normally the two most important elements in the determination of a
banks earnings are interest income and interest expense. These have direct relationships to interest bearing assets and interest bearing liabilities, respectively. To establish the reasonableness of these relationships, the auditor can examine the degree to which the reported income and expense vary from the amounts calculated on the basis of average balances outstanding and the banks stated rates during the year. This examination would usually be made in respect of the categories of assets and liabilities used by the bank in the management of its business. Such a study could, for example, highlight the existence of significant amounts of nonperforming loans. In addition, the auditor may also wish to assess the reasonableness of the stated rates to those prevailing in the market during the year for similar classes of loans and deposits. Evidence of rates charged or allowed above market rates may, in the case of loan assets , indicate the existence of excessive risk, or, in the case of deposit liabilities, may indicate liquidity or funding difficulties. Similarly, fee income which 24 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
is also a large component of a banks earnings, will often bear a direct relationship to the volume of obligations on which the fees have been earned.
The accurate processing of the high volume of transactions entered into by
a bank and the need for the auditor to rely on the continued and appropriate operation of the banks internal controls can benefit from the review of ratios and trends and of the extent to which they vary from previous periods, budgets and the results of other similar entities.
The analytical review of account composition is an important method by
which the auditor can detect certain conditions of audit concern, such as undue concentration of risk of particular industries or geographic areas and potential exposure to interest rate, currency and maturity mismatches.
In most countries there is widespread availability of statistical and
financial information available from regulatory and other sources which the auditor can use to conduct an in-depth analytical review of trends and peer group analyses. Appendix 2 to this Statement contains examples of the most frequently used ratios in the banking industry.
Inspection
6.6 As defined by ISA 500 Audit Evidence, inspection consists of examining records, documents, or tangible assets. The auditor inspects in order to:
satisfy himself as to the physical existence of negotiable assets available
with the bank; and
ensure he has the necessary understanding of the terms and conditions of
agreements which are significant individually or in the aggregate in order to:
assess their enforceability; and be satisfied as to the appropriateness of the accounting treatment they
have been given. 6.7 Examples of areas where inspection is used as an audit technique are:
bullion; securities; loan agreements; commitment agreements, such as:
asset sales and repurchases guarantees.
6.8
In carrying out inspection procedures, the auditor should be particularly vigilant regarding the existence of assets held in a fiduciary capacity. He needs to obtain reasonable assurance that adequate internal controls exist for the proper segregation of such assets from those which are the property of the bank. 25 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Inquiry and Confirmation
6.9 As defined by ISA 500 Audit Evidence, inquiry consists of seeking information of knowledgeable persons inside or outside the entity. Confirmation consists of the response to an inquiry to corroborate information contained in the accounting records. The auditor inquires and confirms in order to:
obtain evidence of the operation of internal controls; obtain evidence of the recognition by the banks customers and
counterparties of amounts, terms a conditions of certain transactions; nd and records.
obtain information not immediately available from the banks accounting
Due to the existence in a bank of significant amounts of monetary assets and liabilities and of off-balance-sheet commitments, confirmation of balances often proves to be relatively the safest and most practical method of determining the existence and completeness of the amounts of assets and liabilities disclosed in the financial statements. 6.10 Examples of areas for which the auditor may use confirmation, either as a compliance or a substantive audit procedure, are:
collateral security positions on specific loans; asset, liability and forward purchase and sale positions with customers and
counterparties such as:
outstanding foreign exchange transactions; nostro and vostro accounts; securities held by third parties; loan accounts; deposit accounts; guarantees; and letters of credit.
Specific substantive procedure considerations 6.11 Paragraphs 6.13 to 6.29 identify the audit objectives which are usually of particular importance in relation to the typical items in a banks financial statements. They also describe some of the audit considerations which would be helpful to the auditor in planning his substantive procedures and suggest some of the techniques which could be used in relation to the items selected by the auditor for his examination. In addition to the specific financial statement items addressed in paragraph 6.13 to 6.29, the auditor will need to consider the audit procedures required in connection with the banks fiduciary activities in the context of their effect on the banks financial statements. In conducting such procedures, the auditor will need to obtain reasonable assurance that: 26 1006
6.12
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
all the banks income from such activities has been recorded and is fairly
stated in the banks financial statements;
the bank has not incurred any material liability from a breach of its
fiduciary duties, including the safekeeping of assets; and
in the event that the bank discloses the nature and extent of its fiduciary
activities in the notes to its financial statements, that such information is fairly stated.
27
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Financial Statement Item 6.13 Bullion Existence
Audit Objectives and Considerations of Particular Importance
Because bullion is generally similar in appearance and hence easily interchangeable, the auditor should consider the need for confirmation or physical inspection and tests of reconciliations of the results of physical counts to the accounting records of the amounts held by the bank on its own account and on behalf of customers. As an understanding of the circumstances under which bullion may be held by a bank is necessary to an understanding of how it is accounted for, the audit considerations that relate to the verification of its existence are commented on in conjunction with the discussion below of Rights and Obligations. Rights and Obligations Where a bank holds bullion on behalf of customers, the auditor will encounter two possible sets of circumstances, being; 1. The bullion held on behalf of customers is allocated (i.e., the bullion received on deposit is specifically identified and the depositor is entitled to have the identified bullion returnedthis is equivalent to a fiduciary arrangement); or the bullion held on behalf of customers is unallocated (i.e., the bullion received on deposit is not specifically identified but the bank acknowledges receipt of the bullion by general description, specification and weight and the depositor is not entitled to have the specific bullion returnedthis is equivalent to a deposit of money, which the bank will in turn attempt to lend to customers requiring loans denominated in bullion). Where the bank holds bullion on its own account (i.e., as a result of its own dealing position) and also on behalf of customers, the auditor will be concerned to ensure that the bullion of each party has been appropriately segregated and accounted for. When the bullion held on behalf of customers is held in common custody with the banks own bullion, the bank will need to ensure there has been a physical count of the bullion on hand and a reconciliation of the results of that count to the 28 1006
2.
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
accounting records of the amounts held by the bank on its own account and on behalf of customers. When the bullion held on behalf of customers is held in separate custody, the auditor will need to obtain reasonable assurance as to the adequacy of the system of internal control, failing which, he will need to ensure there has been a physical count and reconciliation as described above. Where the bank has a dealing position in bullion, the audit considerations will be generally similar to those discussed with respect to foreign exchange (see 6.17). However, in establishing the physical existence of the banks bullion position, the auditor needs to be aware that some portion of the banks long positions may be in the custody of other banks or bullion dealers and that the bank may have itself borrowed and sold bullion from the unallocated bullion deposits of customers, thereby creating short positions. 6.14 Balances with other banks Existence The auditor should consider the need for thirdparty confirmation of the balance. Because the balances held with other banks will usually be the result of large volumes of transactions, the receipt of confirmations from those other banks is likely to provide more conclusive evidence as to the existence of the transactions and of the resultant inter-bank balances than is the testing of the related internal controls. Guidance on inter-bank confirmation procedures, including terminology and the content of confirmation requests, can be found in the International Auditing Practice Statement 1000 Inter-Bank Confirmation Procedures. Valuation The auditor should consider whether there is a need to assess the collectability of the deposit in light of the credit-worthiness of the depository bank. The procedures required in such an assessment will be similar to those used in the audit of loan valuation, discussed later.
29
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Presentation and Disclosure The auditor should consider whether the balances with other banks as at the date of the financial statements are representative of bona-fide commercial transactions or whether any significant variation from normal or expected levels is indicative of transactions entered into primarily to give a misleading impression of the financial position of the bank and/or to improve liquidity and asset ratios (often known as window-dressing). Where window-dressing occurs in a magnitude which may distort the true and fair view of the financial statements, the auditor may consider the need for the adjustment of the balances shown on the financial statements, additional disclosure in the notes, or qualification in the audit report. 6.15 Money market paper Existence The auditor should consider the need for physical inspection and confirmation with external custodians and the reconciliation of these related amounts with the accounting records. Rights and Obligations The auditor should consider the feasibility of checking for receipt of the related income as a means of establishing ownership. The auditor should examine for the existence of sale and forward repurchase agreements for evidence of unrecorded liabilities and losses. Valuation The auditor should consider the appropriateness of the valuation techniques employed, in light of the creditworthiness of the issuer. Measurement The auditor should consider whether there is a need to ensure that income earned on money market instruments, which in some cases will be through the amortization of a purchase discount, has been accrued. 6.16 Trading securities Existence The auditor should consider the need for physical inspection of securities and confirmation with external custodians and the reconciliation of these amounts with the accounting records. 30 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Rights and Obligations The auditor should consider the feasibility of checking for receipt of the related income as a means of establishing ownership. The auditor should examine for the existence of sale and forward repurchase agreements for evidence of unrecorded liabilities and losses. Valuation Since trading securities are normally carried at market value or at the lower of cost and market value, the auditor should ensure that securities whose market value has increased are not arbitrarily transferred from the Investment Account (see 6.18) primarily so that an unrealized gain can be taken into income. 6.17 Other financial assets (a) those involving a current investment of funds (e.g., blocks of loans purchased for resale, purchases of securitized assets such as mortgage backed securities) Rights and Obligations The auditor should examine the underlying documentation supporting the purchase of such assets in order to ensure that all rights and obligations, such as warranties and options, have been properly accounted for. Completeness Due to the continuing development of new financial instruments, there is often a lack of established procedures between participants and within the bank. Many of these transactions are entered into orally, with written documentation being completed subsequently, and therefore, the auditor should assess the adequacy of the system of internal control, particularly with respect to:
the adequacy of the procedures and the division
of duties regarding the matching of documentation received from counterparties and reconciliation of accounts with counterparties; and
the adequacy of internal audit review.
31
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
The auditor will also find it useful to examine post year-end transactions for evidence of items that should have been recorded in the year-end financial statements. Valuation The auditor should consider the appropriateness of the valuation techniques employed. Since there may not be established markets for such assets, it may be difficult to obtain independent evidence of value. Additionally, even where such evidence exists, there may be a question as to whether there is sufficient depth to existing markets to rely on quoted values for the asset in question and for any related offsetting hedge transactions which the bank has entered into in those markets. Presentation and Disclosure Since many of the items included in this category of assets could, in accordance with relevant accounting principles, also be included in other asset categories, the auditor should consider whether such assets have been included in the appropriate financial statement item. (b) those not involving the current investment of funds, being: those involving the option or commitment to purchase an asset (e.g., securities and foreign currencies) Rights and Obligations The auditor should examine the underlying documentation supporting such transactions in order to ensure that all rights and obligations, such as warranties and options, have been properly accounted for. Completeness Similar considerations as applicable to item a) above will arise. Valuation In addition to the audit considerations mentioned in a) above, which are also applicable to this item,
32
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
those involving the option or commitment to deposit funds
those
the following additional considerations would arise:
Where market values need to be considered, but
are not available, the auditor should ensure that appropriate alternative valuation techniques have been employed, based, where appropriate, on current interest or foreign exchange rates. developed only recently, the auditor should examine their valuation with a special degree of caution, and in doing so should bear in mind the following factors:
in most cases the enforceability of the terms in
involving the option or commitment to exchange future payments or receipts (e.g., interest rate swaps)
As many of these instruments have been
the underlying agreements cannot be evaluated against legal precedents, as such precedents may not have been established;
as there are normally relatively few employees
involved in managing the portfolio of such instruments, there will be a relatively small number of management personnel who are familiar with the inherent risks of these instruments; and
most of these instruments will not have existed
through a full economic cycle (bull and bear markets, high and low interest rates, high and low trading and price volatility) and it may therefore be more difficult to assess their value with the same degree of certainty as for more established instruments. Additionally, for the same reason, it may be difficult to predict with any degree of certainty the price correlation with other offsetting instruments used by the bank to hedge its positions. Measurement The auditor should satisfy himself as to the purpose for which the transaction resulting in the instrument was entered into, namely whether the bank was dealing as principal to create a dealing position or as principal, intermediary or broker for hedge purposes. The purpose will determine the appropriate accounting treatment. Since settlement of such transactions is at a future date, the auditor should consider whether a profit or loss has arisen to date. The auditor should be particularly vigilant for reclassification of hedging and trading trans33 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
actions/positions which may have been made primarily with a view to taking advantage of differences in the timing of profit and loss recognition. Presentation and Disclosure In some countries the relevant accounting principles will require the recording of accrued gains and losses on open positions, whether or not these positions are recorded on the balance sheet. In other countries there is only an obligation to disclose the commitment. Where the latter is the case, the auditor should consider whether the unrecorded amounts are of such significance as to require a disclosure in the financial statements and/or qualification in the audit report. 6.18 Investments (long-term) Presentation and Disclosure The auditor should consider whether the stated objectives at the time such securities are purchased and subsequent trading activity in those securities provides support for their classification as long-term investments or whether they should more properly be classified as trading securities. Valuation Where securities have been transferred from the Trading Account, the auditor should ensure that any unrealized losses in market value are recorded if so required by relevant accounting principles. (b) Non-marketable Valuation The auditor should examine the value of the assets supporting the security value. The auditor also should consider the implications of any legal or practical requirement for the bank to provide future financial support to ensure the maintenance of operations (and hence the value of the investment) of subsidiaries and associated companies. In certain cases there will be a need to ensure that the related financial obligations are recorded as liabilities of the bank. The auditor should ensure that appropriate adjustments are made when the accounting policies of companies which are accounted for on an equity basis or are consolidated do not conform to those of the bank. 34 1006
(a) Marketable
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
6.19 Loans (comprising advances, bills of exchange, letters of credit, acceptances, guarantees, and all other lines of credit extended to customers, including those in connection with foreign exchange and money market activities) personal commercial government
domestic foreign
Valuation The major audit concern is the adequacy of the recorded provision for loan losses. In establishing the nature, extent and timing of the work to be performed, the auditor should consider the following factors:
The degree of reliance it is reasonable to place on
the banks system of loan quality classification, on its procedure for ensuring that all documentation is properly completed, on its internal loan review procedures and on the work of the internal auditor.
Given the relative importance of foreign lending,
there is also usually a need for the auditor to examine:
the information on the basis of which the bank
assesses and monitors the country risk and the criteria (e.g., specific classifications and valuation ratios) it uses for this purpose;
whether and, if so, by whom credit limits are
set for the individual countries, what they are and the extent to which they are being utilized; and country.
how the foreign loans are distributed by
The composition of the loan portfolio, with
particular attention to:
the concentration of loans to specific:
borrowers and parties connected to them
(including the procedures in place to identify such connections);
commercial and industrial sectors; geographic regions; and countries;
the size of individual credit exposures (few
large loans versus numerous small loans);
the trends in loan volume by major categories,
especially categories having exhibited rapid growth, and in delinquencies, non-accrual and restructured loans; and
related party lending.
35
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Identified potential problem loans, with particular
attention to:
the previous loss and recovery experience,
including the adequacy and timeliness of provisions and charge-offs; and
results of regulatory examinations.
Local, national and international economic and
environmental conditions, including restrictions on the transfer of foreign currency which may affect the repayment of loans by borrowers. In addition to those problem loans identified by management and, where applicable, by bank regulators, the auditor should consider additional sources of information to determine those loans which may not have been so identified. These include:
various internally generated listings, such as
watchlist loans, past due loans, loans on nonaccrual status, loans by risk classification, loans to insiders (including directors and officers), and loans in excess of approved limits;
historical loss experience by types of loan; and those loan files lacking current information on
borrowers, guarantors or collateral. 6.20 Accounts with depositors, including: (a) General deposits Completeness Given the volume and value of deposit transactions, the auditor should assess the adequacy of the related system of internal control and perform confirmation and analytical review procedures on average balances and on interest expense to assess the reasonableness of the recorded deposit balances. Presentation and Disclosure The auditor should ensure that deposit liabilities are classified in accordance with regulations and relevant accounting principles. Where deposit liabilities have been secured by specific assets, the auditor should consider the need for appropriate disclosure.
36
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
The auditor should also consider the need for disclosure where the bank has a funding risk due to economic dependence on a few large depositors or where there is an excessive concentration of deposits due within a specific time-frame. (b) Items in transit Existence The auditor should ensure that items in transit between branches, between the bank and its consolidated subsidiaries and between the bank and counterparties are eliminated and that reconciling items have been appropriately addressed and accounted for. Additionally, the auditor should examine individual items comprising the balance which have not been cleared within a reasonable time period and should also consider whether the related internal control procedures are adequate to ensure that such items have not been temporarily transferred to other accounts in order to avoid their detection. 6.21 Capital and reserves Presentation and Disclosure The auditor should ensure that capital and reserves are adequate for regulatory purposes (e.g., to meet capital adequacy requirements) and that disclosure is both appropriate and in accordance with legal requirements. In addition, where applicable regulations provide for restrictions on the distribution of retained earnings, the auditor should assess whether they are adequately disclosed. The auditor should also determine whether the requirements of the International Accounting Standards or local regulations with respect to the disclosure of hidden reserves have been complied with (see also paragraph 7.3).
37
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
6.22 Contingencies and Commitments (e.g., commitments to lend funds and to guarantee repayment of funds by customers to third parties)
Completeness Because most commitments and contingencies are often not recorded in the banks accounting records, the auditor should:
identify those activities which have the potential
to generate contingent liabilities;
ascertain, with regard to these activities whether
the banks system of internal control is adequate, particularly with regard to the records maintained for such obligations to ensure that contingent liabilities arising out of such activities are properly identified and recorded and that evidence is retained of the customers agreement to the related terms and conditions;
perform substantive audit tests to establish the
completeness of the recorded obligations. Such tests could include confirmation procedures as well as examination of related fee income in respect of such activities and would be determined having regard to the degree of risk attached to the particular type of contingency being considered;
review the reasonableness of the year-end
contingency figures in the light of his experience and his knowledge of the current years activities; and contingent liabilities have been recorded. Valuation As many of these transactions are either credit substitutes or depend for their completion on the credit-worthiness of the counterparty, the risks associated with such transactions are in principle no different from those associated with Loans. The audit objectives and considerations of particular importance discussed in paragraph 6.19 would be equally relevant in respect of such transactions. Presentation and Disclosure Although relevant accounting principles will usually require disclosure of such obligations in the notes to the financial statements rather than in the balance sheet, the auditor should nevertheless consider the potential financial impact on the banks capital, funding and profitability of the need to honor such 38 1006
obtain representation from management that all
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
obligations and whether this needs to be specifically disclosed in the financial statements. 6.23 Interest income and interest expense Measurement Given the large volume of loans and deposits on which interest income and expense are calculated as well as the variations in interest rates between various categories of loans and deposits and over time, there is a need to:
obtain reasonable assurance that satisfactory
procedures exist for the proper accounting of accrued income and expenditure at the year-end;
assess the adequacy of the related system of
internal control; and
utilize analytical review techniques in assessing
the reasonableness of the reported amounts. Such techniques include comparison of reported interest yields in percentage terms:
to market rates; to prime rates; to advertised rates (by type of loan or deposit);
and
between portfolios.
In making such comparisons, it is important to ensure that average rates in effect (e.g., by month) are used in order to avoid distortions caused by interest rate volatility. The auditor also needs to assess the reasonableness of the policy applied to income recognition on troubled loans, especially where such income is not being received on a current basis. 6.24 Income from securities, including: gains and losses interest dividends Measurement The audit procedures in this area should be carried out in conjunction with Money Market Instruments, Trading Securities, Other Financial Instruments and Investments to ensure that:
the correlation between securities owned and the
related income is reasonable; and
all significant gains and losses from sales and
revaluations have been reported in accordance with relevant accounting principles (e.g., where gains and losses on trading securities are treated differently from those on investment securities). 39 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
6.25 Provisions for loan losses
Measurement The major audit concerns in this area are discussed above under Loans. Usually, provisions will take two forms, namely specific provisions in respect of identified losses on individual accounts and general provisions to cover losses which are thought to exist but which have not been specifically identified. In those countries where levels of general provisions are prescribed by local regulations, the auditor should ensure that the reported provision expense is calculated in accordance with such regulations. In other countries the auditor should assess the adequacy of such general provisions based on such factors as past experience and other relevant information. Appendix 3 to this Statement contains examples of substantive audit procedures for the evaluation of loan loss provisions. Measurement Given the volume of transactions that are typically undertaken in this area, the auditor should assess:
6.26 Gains and losses on foreign exchange
the adequacy of the related system of internal
control, including the period-end reconciliation procedures, particularly in respect of the completeness and accuracy of the recording of outstanding positions as at the financial statement date (which will necessitate a familiarity by the auditor with the standard inter-bank transaction confirmation procedures);
the appropriateness of the exchange rates used at
the financial statement date to calculate accrued gains and losses; and
the appropriateness of the accounting policies
used having regard to relevant accounting principles particularly with regard to the distinction between realized and unrealized profits and losses. Additionally, the auditor should ensure that individual foreign exchange contracts have been revalued, rather than foreign exchange positions, as such positions can include contracts maturing on varying dates at varying rates. 6.27 Fee and commission income Measurement The auditor should consider whether the fee and commission income recorded: 40 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
relates to the period covered by the financial
statements and that those amounts relating to future periods have been deferred;
is collectible (this should be considered as part of
the loan review audit procedures where the fee has been added to a loan balance outstanding);
is accounted for in accordance with applicable
regulatory instructions and relevant accounting principles; and
is complete (i.e., all individual items have been
recorded). In this respect, there may be a need to utilize analytical review techniques in assessing the reasonableness of the reported amounts. 6.28 Provision for taxes on income Measurement The auditor should be familiar with special taxa tion rules applicable to banks in the jurisdiction in which the bank on which he is reporting is located and also needs to ensure that any auditors on whose work he is relying in respect of the banks foreign operations are similarly familiar with the rules in their jurisdiction. An awareness of the taxation treaties between the various jurisdictions in which the bank operates is also required. Presentation and Disclosure The auditor should ensure that the notes to the banks financial statements are in accordance with both regulatory instructions and with relevant accounting principles, including International Accounting Standards. Where such notes include information in respect of foreign operations of the bank, the auditor should ensure that appropriate audit procedures have been applied to that information and that the necessary adjustments have been made to ensure it conforms to the accounting principles followed by the preparation of the banks financial statements.
6.29 Notes to the financial statements (including, where applicable, a Statement of Accounting Policies)
7. 7.1
Reporting on the Financial Statements ISA 700 The Auditors Report on Financial Statements, states: The auditor should review and assess the conclusions drawn from the audit evidence obtained as the basis for the expression of an opinion on the financial statements.
41
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
This review and assessment involves forming an overall conclusion as to whether:
the financial statements have been prepared using
acceptable accounting policies, which have been consistently applied;
the financial statements comply with regulations and
statutory requirements relating to the preparation of financial statements;
the view presented by the financial statements as a
whole is consistent with the auditors knowledge of the business of the entity; and
there is adequate disclosure of all material matters
relevant to the proper presentation of the financial statements. 7.2 In rendering his opinion on the banks financial statements, the auditor should consider the need to:
adhere to specific formats, terminology and accounting principles as
specified by the law, the regulatory authorities, professional bodies and industry practice; and
ensure that adjustments have been made to the accounts of foreign
branches and subsidiaries which are included in the consolidated financial statements of the bank to bring them into conformity with the accounting principles under which the bank is reporting. This is particularly relevant in the case of banks because of the large number of countries in which such branches and subsidiaries may be located and the fact that in most countries local regulations prescribe specialized accounting principles applicable primarily to banks. This could lead to a greater divergence in the accounting principles followed by branches and subsidiaries, than would be the case in respect of other business entities. 7.3 In some countries, local regulations permit banks to maintain hidden reserves. Where the existence of hidden reserves is not disclosed in the financial statements, the auditor should disclose this fact in his audit report. It is suggested that this may be accomplished by reference to the relevant statutes or law which permit the existence of hidden reserves.
42
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Appendix 1
Examples of Internal Control Checklists to Assist in Assessing Three Typical Areas of a Banks Operations: Foreign Exchange Trading Credit Trust Activities A. Foreign Exchange Trading Operational controls Does the bank have written policies which are in the hands of all dealers in respect of the following:
prohibiting dealers from trading on their own account; identification of approved counterparties; and procedures for the review of dealers activities by management?
Limits & Trading Activity Does the bank have written policies established for intra -day and end-of-day limits:
by currency; by counterparty; by maturity date; and by trader?
Recording Does the bank have written policies in use to:
spotlight unusually heavy dealing by a customer who may be experiencing
financial difficulties;
adequately disclose sudden increases in trading volume by any one trader,
customer or counterparty; and
adequately disclose transactions at unusual contract rates?
Does the bank have written procedures which require:
prenumbered trade tickets to be allocated to each dealer; the accounting for all used and unused trade tickets; the prompt recording into the accounting records by an independent party
of all transactions, including procedures to identify and correct rejected transactions; 43 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
the daily reconciliation of dealers positions and profits with the
accounting records and the prompt investigation of all differences; and
regular reports to management in appropriate detail to allow the
monitoring of the limits referred to above? Confirmations Does the bank have written procedures in use:
for the independent dispatch of prenumbered outward confirmations to
counterparties for all trades entered into by the dealers;
for the independent receipt of all incoming confirmations and their
matching to pre-numbered copies of internal trade tickets;
for independent comparison of signatures on incoming confirmations to
specimen signatures;
for the independent confirmation of all deals for which no inward
confirmation has been received; and
for the independent follow-up of discrepancies on confirmations received?
Position account maintenance Does the bank have accounting records which allow it to prepare reports which show its spot, forward and net open and overall positions:
by purchase and sale, by currency; by maturity dates, by currency; and by counterparty, by currency?
Are foreign exchange positions revalued periodically (e.g., daily) to current values bas ed on quoted foreign exchange rates? Settlement of transactions Are settlement instructions exchanged in writing with counterparties by the use of inward and outward confirmations? Are settlement instructions compared to the contracts? Are settlements made only by appropriate authorized employees independent of the initiation and recording of transactions and only on the basis of authorized, written instructions? Are all scheduled settlements (receipts and payments) notified daily in writing to the settlements department so that duplicate requests and failures to receive payments can be promptly detected and followed-up?
44
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Are accounting entries either prepared from or checked to supporting documentation by operational employees, other than those who maintain records of uncompleted contracts or perform cash functions? Account reconciliations Are all nostro and vostro account reconciliations performed frequently and by employees independent of the settlement function? B. Credit The credit function may conveniently be divided into the following categories: (a) (b) (c) (d) (a) origination and disbursement; monitoring; collection; and periodic review and evaluation. origination and disbursement:
Within these categories, the key internal controls are as follows:
does the bank obtain complete and informative loan applications,
including financial statements of the borrower and the intended use of proceeds;
does the bank have written guidelines as to the criteria to be used in
assessing loan applications (e.g., requirements, debt-to-equity ratios); conducted on prospective borrowers; interest coverage, margin
does the bank obtain credit reports or have independent investigations does the bank have procedures in use to ensure that connected party
lending has been identified;
is there an appropriate analysis of customer credit information,
including projected sources of loan servicing and repayments;
are loan approval limits based on the lending officers expertise; is appropriate lending committee or board of director approval
required for loans exceeding prescribed limits;
is there appropriate segregation of duties between the loan approval
function and the loan disbursement monitoring, collection and review functions;
is the ownership of loan collateral and priority of the security interest
verified;
is the documentation supporting the loan application reviewed and
approved by an employee independent of the lending officer; 45 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
is there a control to ensure the appropriate registration of security
(e.g., recording of liens with governmental authorities);
is there adequate physical protection of notes, collateral and
supporting documents;
is there a control to ensure that loan disbursements are recorded
immediately; and
is there a control to ensure that to the extent possible, loan proceeds
are used by the borrower for the intended purpose? (b) monitoring:
are ledger trial balances prepared and reconciled with control
accounts by employees who do not process or record loan transactions;
are reports prepared on a timely basis of loans on which principal or
interest payments are in arrears;
are these reports reviewed by employees independent of the lending
function;
are there procedures in use to monitor the borrowers compliance
with any loan restrictions (e.g., covenants) and requirements to supply information to the bank; collateral values;
are there procedures in place that require the periodic reassessment of are there procedures in place to ensure that the borrowers financial
position and results of operations are reviewed on a regular basis; and
are there procedures in place to ensure that key administrative dates,
such as the renewal of security registrations, are accurately recorded and acted upon as they arise? (c) collection:
are the records of principal and interest collections and the updating
of loan account balances maintained by employees independent of the credit granting function;
is there a control to ensure that loans in arrears are followed up for
payment on a timely basis;
are there written procedures in place to define the banks policy for
recovering outstanding principal and interest through proceedings, such as foreclosure or repossession; and legal
are there procedures in place to provide for the regular confirmation
of loan balances by direct written communication with the borrower by employees independent of the credit granting and loan recording functions, as well as the independent investigation of reported differences? (d) periodic review and evaluation: 46 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
are there procedures in place for the independent review of all loans
on a regular basis, including:
the review of the results of the monitoring procedures referred to
above; and the review of current issues affecting borrowers in relevant geographic and industrial sectors?
are there appropriate written policies in effect to establish the criteria
for:
the establishment of loan loss provisions; the cessation of interest accruals (or the establishment of offsetting
provisions); the valuation of collateral security for loss provisioning purposes; the reversals of previously established provisions; and the resumption of interest accruals?
are the procedures in place to ensure that all required provisions are
entered into the accounting records on a timely basis? C. Trust Activities Account Initiation and Authorization Does the bank:
have a committee in place to determine criteria for acceptance of new
accounts and to set the fees thereon; advice, where necessary; and
utilize standard trust agreements to the extent possible and obtain legal review the initial deposit of assets to ensure compliance with the trust
agreement? Does the bank have written policies available to all employees responsible for administration of trust assets in respect of the following:
guidelines for investment decisions; listing of brokers and dealers with whom the trust is prepared to deal; conflict of interest and self-dealing; organizational charts and job descriptions of all employees within the trust
function; and
compliance with regulatory rules?
Monitoring Does the bank have written procedures in use:
to ensure on a periodic basis that the customer and the bank have complied
with their obligations under the trust agreement; 47 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
to ensure that assets acquired on behalf of a trust adhere to the trust
agreement and relevant laws;
to ensure appropriate approval of all investment decisions; to ensure the timely investment or distribution of trust funds; to ensure that any principal or income receivable by the trust has been
collected, is in the process of collection or requires follow-up; accordance with the trust agreement; and
to ensure that fees are calculated and charged at regular intervals in to ensure adequate review and supervision of the above procedures?
Safeguarding of Trust Assets Does the bank have written procedures in use in respect of the following:
joint custody and control over trust assets; adequate physical security over trust assets, including storage in locked,
fireproof vaults;
safeguarding of unissued stock or bond certificates; existence of an accurate and up-to-date listing of all assets under
administration;
periodic reconciliation of physical holdings of assets in the vault with
accounting records, by employees independent of the recording or custody of trust assets; and
adequate insurance coverage in relation to level of assets under
administration? Accounting Does the bank:
ensure that staff engaged on trust operations are distinct from staff engaged
in other operations of the bank;
ensure that trust records are adequately segregated from the records for
transactions which the bank enters into on its own account;
ensure the segregation of duties within the trust operations relating to
initiation of transactions, authorization of transactions, custody of assets and maintenance of accounting records;
maintain control accounts for cash balances relating to principal and
income for each trust;
ensure periodic reconciliations of all control and suspense accounts are
performed by an employee independent of the receipts and disbursements functions;
ensure daily posting of journals including detailed descriptions of principal
and income transactions; 48 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
have procedures to ensure appropriate classification of trust assets and
income by trust account and nature of assets;
have procedures in use to ensure appropriate classification of cash receipts
between capital and income;
regularly report the value of assets and income earned to the customer; monitor the receipt of income with that expected and follow-up on any
differences; and
have procedures in place to record accurately rights and bonus issues,
stock dividends and stock splits?
49
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Appendix 2
Examples of Financial Ratios Commonly Used in the Analysis of Bank Financial Condition and Performance There are a large number of financial ratios which are used to analyze a banks financial condition and performance. While these ratios vary somewhat between countries and between banks, their basic purpose tends to remain the same, that is, to provide measures of performance in relation to prior years, to budget and to other banks. These ratios generally fall into the following categories:
Asset quality; Liquidity; Earnings; and Capital adequacy.
Set out below are those overall ratios which the auditor is likely to encounter. Many other, more detailed ratios will usually be prepared by management to assist in the analysis of the condition and performance of the bank and its various categories of assets and liabilities, departments and market segments. (a) Asset quality ratios:
loan losses to total loans non-performing loans to total loans loan loss reserves to non-performing loans earnings coverage to loan losses increase in loan loss reserves to gross income
(b) Liquidity ratios:
cash and liquid securities (e.g., those due within 30 days) to total assets inter-bank and money market deposit liabilities to total assets
(c) Earnings ratios:
return on average total assets return on average total equity net interest margin as a percentage of average total assets and average
earning assets
interest income as a percentage of average interest bearing assets interest expense as a percentage of average interest bearing liabilities non-interest income as a percentage of average commitments non-interest income as a percentage of average total assets
50 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
non-interest expense as a percentage of average total assets
(d) Capital adequacy ratios:
equity as a percentage of total assets equity as a percentage of risk assets
51
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Appendix 3
Examples of Substantive Audit Procedures for the Evaluation of Loan Loss Provisions 1. The Examination of Loans, Individually and by Category A. Introductory Comments The review of individual loans is generally the most difficult task in the completion of a bank audit. It is also the most critical due to the level of risk and the effect of the provision for loan losses upon the financial position of the bank. In addition, the task of assessing loan collectability is one which demands the greatest amount of judgment and diligence from the auditor. It is therefore essential that the auditor be well prepared prior to commencing such a review. The auditor must:
Obtain an understanding of the banks method of controlling risk.
Such risks will arise from factors such as:
currency of the loan; creditworthiness of the borrower; purpose of the loan; security for the loan; nature of borrowers business activities; and country of operation of the borrower.
Obtain a knowledge and understanding of:
the banks loan monitoring process, and its system for ensuring
that all connected party lending has been identified and aggregated; the banks method for appraising the value of loan collateral and for identifying potential and definite losses; the loan portfolio and the various features and characteristics of the loans; the loan documentation used by the bank; what constitutes appropriate loan documentation for different types of loans; the banks lending practices and customer base; and the banks procedures and authority levels for granting a loan.
The governing statutes and regulations under which the bank operates may specify the extent of the loan review process and any special reporting requirements to the regulatory authority. Consequently, these should be reviewed to identify any special reporting requirements which may affect the audit. 52 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
B.
Audit Objectives Within the context of the overall audit objective, the principal objective of the loan review is to ensure that loans receivable are appropriately valued and that loans requiring a provision for loss have been completely identified and provided for as necessary.
C.
Audit Approach The approach will g enerally be based upon year-end substantiation although the loan review is often performed before the year-end, with a review of the intervening period being performed at the year-end. The procedures to be applied should apply not only to loans, but also extend to all other items for which the bank is at risk, whether recorded on or off balance sheet. In addition to the provisions required against individual loans, a bank will normally need to consider the requirement for provisions in respect to certain categories of loans. Such provisions may be required, either in addition to specific provisions that may have been made against individual loans in the category, or in lieu of such specific provisions. Examples of categories in which an additional provision for loss may be required would be those relating to geographic or industry sectors, where overall concerns as to collectability exist but are not felt to be fully quantified by the provisions against the individual loans. Examples of categories in which a provision for loss may be required in lieu of specific provisions against the individual loans would be those relating to: (a) categories of homogeneous loans, such as credit card loans and, perhaps, residential mortgages, where the small size of the individual loans may not warrant an item by item evaluation and historical experience may be deemed a satisfactory basis on which to provide for likely losses; and categories of loans, such as those to countries which are experiencing foreign exchange problems, where there is insufficient information available on which to establish specific provisions and where there may be alternative sources of guidance. Such guidance may be provided by:
the banks previous provisioning practice and loss experience; available information from the supervisors; or where such loans are held for disposal, secondary market prices.
In each of the above situations, the auditor will need to assess whether the provisions made in respect of each category are adequate in the light of the information available. D. Sample substantive procedures
53
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
SAMPLE SUBSTANTIVE PROCEDURES General 1. Record on the audit program the nature, extent and timing of the audit procedures, as determined by the degree of reliance that can be placed on internal controls, the materiality and volume of accounts, and the frequency of transactions, and the proposed degree of coordination of loan review procedures with those of internal audit. Consider performing the following procedures at an early validation date, with an update review to the year-end. Obtain a copy of the banks complete listing of loans as examined in the loans section of the working paper file. Obtain a listing of definite and potential loan losses identifying the borrower, principal amount outstanding, accrued interest receivable and assessment of the amount of definite and potential loss. (This should be the same listing used in the loans section of the working paper file.) Consider requesting the assistance of an insolvency specialist in completing the review of selected loans.
2. 3.
Sample Selection Criteria 4. Before commencing the loan review, the following general factors should be reviewed for their effect on the sample selection criteria:
any change in the level of risk highlighted by a review of the banks
liquidity, interest rate and maturity mismatch and capital adequacy ratios over a longer period of time (e.g., 4 years) and a comparison to other similar financial institutions; and deposits, which may be indicative of a decline in external confidence and an over-dependence on more volatile money markets.
any change in the banks reliance on inter-bank deposits versus customer
5. Consider any special requirements of the regulatory authorities (e.g., maximum limits on individual or connected exposures) and determine the sample selection criteria appropriate in the circumstances. Selection criteria should be applied to all connected party lending and should include the following (the sample size selected below in each case will vary with the selection criteria):
accounts with an outstanding balance equal to or greater than (sample size
selected);
accounts on a Watch List with an outstanding balance in excess of
(sample size selected);
accounts with a provision in excess of (sample size selected);
54
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
accounts which are handled by the department that manages the banks
problem or higher risk accounts;
accounts where principal or interest is in arrears for more than a specified
period (sample size selected); accounts where the amount outstanding s in excess of the authorized i credit line; problem accounts identified by the bank regulatory authorities and problem accounts selected in the prior year;
degree of exposure to other financial institutions on inter-bank lines; and amount of participation in syndicated loans.
In addition, where the banks personnel have been requested to summarize characteristics of all loans over a specified size grouped on a connection basis, review the summaries for loans with the following characteristics which may indicate a need for a more detailed review:
large operating loss in the most recent fiscal year; sustained operating losses (e.g., 2 or more years); a high debt/equity ratio (e.g., in excess of 2:1 the ratio will vary by
industry, however);
failure to comply with terms of agreement on covenants; negative comments by account manager as to:
trends and factors affecting performance; company prospects; and significant events such as restructuring of loans or failure to comply
with debt covenants;
qualified audit report; information provided not current or complete;
advances significantly unsecured or secured substantially by a guarantee; accounts where reviews not performed by bank management on a timely basis in accordance with laid -down procedures; and groupings of accounts that may result in increased exposure (e.g., by currency, country, geographic location, connected group and industry). Loan Review 6. 7. Select the loans for detailed review from the loan listings above using the sample selection criteria determined in steps 4 and 5. Obtain the documents necessary to assess the collectability of the loans. These may include: (a) (b) (c) the loan and security documentation files; arrears listings or reports; activity summaries; 55 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
(d) (e) (f) (g) 8. 9.
previous doubtful accounts lis tings; the non-current loan report; financial statements of the borrower; and security valuation reports.
Using the loan documentation file, ascertain the loan type, interest rate, maturity date, repayment terms, security and purpose of the loan. Ensure that security documents bear evidence of registration as appropriate, and that security has been obtained in a legally enforceable form. Determine whether the fair value of the security appears adequate (particularly for those loans where a provision may be required) to secure the loan and that where applicable, the security has been properly insured. Critically evaluate the collateral appraisals, including the appraisers methods and assumptions. Ensure that the loan application or renewal has been approved by the appropriate authority levels within the bank. Review prior arrears listings and activity summaries and ascertain that the operating history of the loan is in accordance with the original terms of the loans. Review periodic financial statements of the borrower and note significant amounts and operating ratios (i.e., working capital, earnings, shareholders equity and debt-to-equity ratios). Review any notes and correspondence contained in the loan review file. Note the frequency of review performed by the banks staff and ensure that it is within bank guidelines. Consider where applicable, the reports of the banks internal loan review department. Review correspondence and agreements for loans sold or participated by the bank. Ensure that there is no recourse to the bank, or if there is recourse, consider the loans for further review.
10. 11.
12.
13.
14. 15.
Loan Provisions 16. Based upon the information obtained in the preceding steps, evaluate the collectability of loans receivable and determine the need for a provision against the account. Quantify the amount of the provision, identifying the specific loan where a provision is required. Provide details of the calculation of the provision. Compare the amount of the provision to the amount established by the bank and quantify the difference. Summarize the amounts identified. Obtain a listing of provisions established at the previous year-end and ensure all significant movements have been reviewed during the course of the loan review. In addition to assessing the adequacy of the provisions against individual loans, consider whether any additional provisions need to be established 56 1006
17. 18. 19.
20.
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
against particular categories or classes of loans (e.g., credit card loans and country risk loans) and assess the adequacy of any provisions that the bank may have established. 21. Discuss the results of the above procedures with management. Conclusions 22. 23. Based upon the preceding procedures, determine the appropriateness of the banks provision for loan losses. (a) Confirm that the accounting policies applied for determining loan loss provisions are consistent with those applied in the previous year, are in accordance with relevant accounting principles and are appropriately disclosed in the banks financial statements. i) ii) State whether any exceptions were noted in steps 1 to 21 above; If so, confirm that they have been recorded on the working papers and that the nature and level of substantive procedures have been amended as necessary; and Confirm that all exceptions have been carried forward to the summary of unadjusted differences. Consider whether the above substantive procedures have provided any evidence that the banks loan loss provisions are not fairly stated in its accounts; and
(b)
iii) (c) i)
ii) If there is such evidence, draw it to the attention of the audit manager and partner, along with the appropriate working paper references. 2. The Evaluation of the Overall Loan Loss Provision After completing the examination of individual loans, the auditor should evaluate the adequacy of the overall loan loss provision in light of trends noted;
in the examination of individual loans; and in the loan portfolio as a whole and in its components.
These trends can be categorized between those relating to quantitative information and those relating to qualitative information. Using these categorizations, the trends which the auditor may wish to consider are as follows: (a) trends in quantitative information 1. Information specifically relating to the bank: i) financial and statistical information for the current and prior years, compared to the loan portfolio as a whole and, where appropriate, to individual categories of loans (portfolios): the level of provisions 57 1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
the actual loan loss experience. the level of non-accrual loans the level of work-outs the level of write-offs the level of loans in each of the banks risk rating categories recoveries of prior years provisions concentration of loans:
by industry by geographic region to specific borrowers and their related parties
the level of differences in judgement on individual loans between management and the auditor ii) information which may not be gathered by the bank in a quantitative manner: the absence of current financial data on the loan files (e.g., financial statements, appraisals of collateral) level of loans to borrowers experiencing financial difficulties level of dependence for collectability or relatively illiquid collateral frequency of increases in credit lines to troubled borrowers level of loans to borrowers exceeding approved credit lines frequency of extensions granted for the repayment of principal and interest. Information which may be compared to data available for other banks: the level of loan loss experience the level of loan loss provisions in the statement of earnings. 3. Information on the countries in which the bank has credit risk: gross national product commodity (e.g., oil and foodstuff) prices real estate prices/housing starts/commercial construction permits interest rates foreign exchange rates. (b) trends in qualitative information
2.
58
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
An outline of the factors the auditor might consider in an assessment of qualitative trends noted in the examination of individual loans is set out below:
the expertise of credit management, including their industry
knowledge;
the extent of reliance by credit management on external evidence and
expertise, particularly in the valuation of collateral; and
the criteria used for classifying loans as non-accrual and for
establishing provisions (e.g., the assumed loan work-out success ratio). In practice, the specific trends which the auditor will consider and the extent to which they are considered and documented will depend on:
the overall financial condition of the bank; the auditors initial and ongoing assessment of risk (which will be
influenced by factors such as the auditors assessment of the inherent risk in the loan portfolio, the results of the examination of internal control and the review of the work of the internal auditor);
the results of the examination of individual loans; and the degree of comfort the auditor has with managements judgments
(usually as a result of previous audits and the above mentioned examinations of individual loans and, in some cases, on the results of the auditors examination of other financial statement balances).
59
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
HIGHLIGHTS 1.7 This Statement is organized into a discussion of the various stages of the audit of a bank with emphasis being given to those matters which are either peculiar to or of particular importance in such an audit. Also included for illustrative purposes are appendices which contain examples of:
typical internal control procedures likely to exist in three of the major operating areas of a bank,
being the lending, foreign exchange trading and trust activities; and
financial ratios commonly used in the analysis of a banks financial condition and performance; substantive audit procedures for the evaluation of loan loss provisions.
Audit Risk
4.15 The three components of audit risk as defined in ISA 400 Risk Assessments and Internal Control, and as amplified in ISA 320 Audit Materiality are:
inherent risk (the risk that material errors will occur); control risk (the risk that the banks system of internal control will not prevent or correct such
errors); and
detection risk (the risk that any remaining material errors will not be detected by the auditor).
The risks associated with banking activities as discussed in paragraphs 4.7 to 4.12 indicate that the inherent risk in most cases will be fairly high. It is therefore necessary to ensure through an adequate system of internal control that the control risk is kept at a low level. Inherent and control risks exist independently of the audit of financial information and cannot be controlled by the auditor. However, he can assess these risks and so design his substantive procedures as to produce an acceptable level of detection risk. The extent of CIS and EFT systems 4.16 The high volume of transactions and the short time-frames in which they must be processed typically result in the extensive use by most banks of CIS and EFT systems. The characteristics and control concerns arising from the use of CIS by a bank are similar to those arising when such systems are used by other organizations. However, the matters which are of particular concern to the auditor of a bank include:
the use of CIS to calculate and record substantially all the interest income and interest expense,
which are normally the two most important elements in the determination of a banks earnings; and record the gains and losses arising therefrom; and
the use of CIS to determine the foreign exchange and security trading positions and to calculate the extensive, almost total, dependence on the records produced by the CIS because they
represent the only readily accessible source of detailed up-to-date information on the banks assets and liability positions, such as customer loan and deposit balances. EFT systems are used by banks both internally, for example, for transfers between branches and between automated banking machines and the central computerized file which records account activity, and externally between the bank and other financial institutions, for example, through the SWIFT network. In order to properly evaluate the system of internal control and to determine the nature, timing and extent of the substantive audit procedures, the auditor needs to be aware of the extent and manner in which CIS and EFT systems are used by the banks.
60
1006
THE AUDIT OF INTERNATIONAL COMMERCIAL BA NKS
Reliance on internal control
4.17 In forming his audit opinion, the auditor generally cannot rely solely on the results of his substantive tests because of:
the high volume of transactions entered into by banks; the manner in which transactions are entered into by banks; the geographic dispersion of banks operations; and the extensive use of CIS and EFT systems.
In most situations the auditor will therefore need to place significant reliance on the banks system of internal control. To do so he will need to make a careful evaluation of the system to assess the degree of reliance he can place upon the same in determining the nature, timing and extent of his other audit procedures.
The work of internal audit
4.18 While the scope and objectives of internal audit can vary widely depending upon the size and structure of the bank and the requirements of the board of directors and its management, its role normally includes the review of the accounting system and related internal controls and monitoring their operation and recommending improvements thereto. It also generally includes a review of the means used to identify, measure and report financial and operating information and specific inquiry into individual items including detailed testing of transactions, balances and procedures. The factors which often require the auditor to place significant reliance on the banks system of internal control, will also often require the auditor to use the work of the internal auditor. This is especially relevant in the case of banks which have a large geographic dispersion of branches. Often, as a part of the internal audit department or as a separate component, a bank has a loan review department which reports to management on the quality of loans and the adherence to established procedures in respect thereof. In either case, the auditor will often wish to make use of the work of this department. Detailed guidance on the use of the work of an internal auditor is provided in ISA 610 Considering the Work of Internal Auditing.
61
1006
You might also like
- International Commercial Bank Audit GuideNo ratings yetInternational Commercial Bank Audit Guide61 pages
- International Statements of Audit PracticesNo ratings yetInternational Statements of Audit Practices5 pages
- Audit and Assurance Bank and Other Financial Institutions100% (1)Audit and Assurance Bank and Other Financial Institutions44 pages
- Exposure Draft - Guidance Note OnAudit of Banks 2025No ratings yetExposure Draft - Guidance Note OnAudit of Banks 20251,123 pages
- AUDITING AND ASSURANCE SPECLIZED INDUSTRIES - 25 Sep 2023v2100% (1)AUDITING AND ASSURANCE SPECLIZED INDUSTRIES - 25 Sep 2023v220 pages
- Auditing and Ethics May 2024 1701769294No ratings yetAuditing and Ethics May 2024 170176929426 pages
- Audit of Banks and Non Banking Financial Companies100% (1)Audit of Banks and Non Banking Financial Companies128 pages
- Basel Committee On Banking Supervision: January 2002No ratings yetBasel Committee On Banking Supervision: January 200223 pages
- Money Laundering in International BankingNo ratings yetMoney Laundering in International Banking83 pages
- New Age Banking and Auditing - It's Different: The Banking Sector Has Moved FromNo ratings yetNew Age Banking and Auditing - It's Different: The Banking Sector Has Moved From4 pages
- Fal - Con Investor Briefing PresentationNo ratings yetFal - Con Investor Briefing Presentation97 pages
