Auditing Standards and Practices Council

Philippine Auditing Practice Statement 1004

THE RELATIONSHIP BETWEEN

BANGKO SENTRALNG PILIPINAS (BSP) AND BANKS’
EXTERNAL AUDITORS

PHILIPPINE AUDITING PRACTICE STATEMENT 1004 THE RELATIONSHIP BETWEEN

BANGKO SENTRAL NG PILIPINAS (BSP) AND BANKS’ EXTERNAL AUDITORS

This Philippine Auditing Practice Statement (PAPS or Statement) has been prepared by
the Auditing Standards and Practices Council (ASPC).
 PAPS 1004

The Preface to Philippine Standards on Auditing and Related Services sets out the
purpose and authority attached to PAPS.

PAPS are issued by the ASPC to provide practical assistance to auditors in implementing
the Philippine Standards on Auditing (PSAs) or to promote good practice. Statements
do not have the authority of PSAs.

This PAPS is based on International Auditing Practices Statement (IAPS) 1004. IAPS
1004 has been prepared in association with the Basel Committee on Banking
Supervision1 (the Basel Committee). IAPS 1004 was approved for publication by the
International Auditing Practices Committee (IAPC) of the International Federation of
Accountants and by the Basel Committee. It is based on ISAs extant at 1 October 2001.

Banks play a vital role in economic life and the continued strength and stability of the
banking system is a matter of general public concern. The separate roles of banking
supervisors and external auditors are important in this regard. The growing complexity
of banking makes it necessary that there be greater mutual understanding and, where
appropriate, more communication between banking supervisors and external auditors.

The purpose of this Statement is to provide information and guidance on how the
relationship between bank auditors and supervisors can be strengthened to mutual
advantage, and it takes into account the Basel Committee’s Core Principles for Effective
Banking Supervision. The ASPC and the Bangko Sentral ng Pilipinas (BSP) hope that it
will provide useful guidance about the respective roles of the BSP and external
auditors.

1 The Basel Committee on Banking Supervision is a committee of banking supervisory authorities which
was established by the central bank Governors of the Group of Ten countries in 1975. It consists of
senior representatives of banking supervisory authorities and central banks from Belgium, Canada,
France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United
Kingdom and the United States. It usually meets at the Bank for International Settlements in Basel,
where its permanent Secretariat is located.
 PAPS 1004

PHILIPPINE AUDITING PRACTICE STATEMENT THE RELATIONSHIP BETWEEN BANGKO

SENTRAL NG PILIPINAS (BSP) AND BANKS’ EXTERNAL AUDITORS

CONTENTS

Paragraphs

Introduction 1-7

The Responsibility of the Bank’s Board of Directors

and Management 8-13

The Role of the Bank’s External Auditor 14-27

The Role of the Bangko Sentral ng Pilipinas (BSP) 28-45

The Relationship Between the BSP and the Bank’s

External Auditor 46-55

Additional Requests for the External Auditor to Contribute

to the Supervisory Process 56-67

The Need for a Continuing Dialogue Between the BSP

and the Accountancy Profession 68-70

Effective Date 71

Acknowledgment 72-73
 (PAPS 1004)

Introduction

1. Banks play a central role in the economy. They hold the savings of the public,
provide a means of payment for goods and services and finance the
development of business and trade. To perform these functions securely and
efficiently, individual banks must command the confidence of the public and
those with whom they do business. The stability of the banking system, both
nationally and internationally, has therefore come to be recognized as a matter
of general public interest. This public interest is reflected in the way banks,
unlike most other commercial enterprises, are subject to prudential supervision
by a specific official agency, the Bangko Sentral ng Pilipinas (BSP).

2. Banks’ financial statements are also subject to audit by external auditors. The
external auditor conducts the audit in accordance with applicable ethical and
auditing standards, including those calling for independence, objectivity,
professional competence and due care, and adequate planning and supervision.
The auditor’s opinion lends credibility to the financial statements and promotes
confidence in the banking system.

3. As the business of banking grows in complexity, both nationally and

internationally, the tasks of the BSP and external auditors are becoming more
and more demanding. In many respects, the BSP and external auditors face
similar challenges and, increasingly, their roles are being perceived as
complementary. Not only does the BSP benefit from the results of the auditors’
work, but it may also turn to the external auditor to undertake additional tasks
when these tasks contribute to the performance of their supervisory roles. At
the same time, external auditors, in carrying out their role, also look to the BSP
for information that can help in discharging their responsibilities more
effectively.

4. The ASPC and BSP share the view that greater mutual understanding about the
respective roles and responsibilities of the BSP and external auditors and, where
appropriate, communication between them improves the effectiveness of audits
of banks’ financial statements and supervision to the benefit of both disciplines.
 (PAPS 1004)

-2-

5. The roles and responsibilities of a bank’s board of directors2 and management,

the bank’s external auditors, and the BSP derive from law, custom and, for
external auditors, professional practice. This Statement is not intended to
challenge or change these roles or responsibilities. Rather, it is intended to
provide a better understanding of the nature of the roles of bank’s boards of
directors and management, external auditors, and the BSP, since misconceptions
about such roles could lead to inappropriate reliance being placed by one on the
work of another. This Statement seeks to remove possible misconceptions and
suggests how each might make more effective use of the work performed by the
other. The Statement accordingly:

(a) sets out the primary responsibility of the board of directors and
management (paragraphs 8–13);

(b) examines the essential features of the role of external auditors

(paragraphs 14–27);

(c) examines the essential features of the role of the BSP (paragraphs 28–
45);

(d) reviews the relationship between the BSP and the bank’s external auditor
(paragraphs 46–55); and

(e) describes additional ways in which external auditors and the accountancy
profession can contribute to the supervisory process (paragraphs 56–70).

6. In September 1997 the Basel Committee published its Core Principles for
Effective Banking Supervision, known as the Basel Core Principles. The Basel
Core Principles (which are used in country assessments by organizations such as
the World Bank and the International Monetary Fund) are intended to serve as a
basic reference for an effective supervisory system internationally and in all

2 The notions of “board of directors” and “management” are used, not to identify legal constructs, but
rather to label two decision-making functions within a bank. Under the Glossary of Terms for PSAs,
management comprises officers and others who also perform senior management functions. The Basel
Core Principles (see paragraph 6) refer to the functions of the board of directors to describe the functions
of those charged with the governance of a bank. The principles set out in this paper are to be applied in
accordance with the corporate governance structure of the bank. The Basel Committee’s paper
“Enhancing Corporate Governance for Banking Organisations” published in September 1999 should be
referred to.
 (PAPS 1004)

-3-

countries. This Statement has been prepared taking into account the Basel Core
Principles.
7. The arrangements suggested in this Statement do not replace the existing
relationships between the BSP and external auditors. While this Statement is
not intended to be prescriptive, it is hoped that the guidance expressed in it will
be relevant to all situations.

The Responsibility of the Bank’s Board of Directors and the Management

8. The primary responsibility for the conduct of the business of a bank is vested in
the board of directors and the management appointed by it. The board of
directors is primarily responsible for the corporate governance of the bank. It
should establish strategic objectives, policies and procedures that will guide and
direct the activities of the bank, the means to attain these and the mechanism
for monitoring management’s performance. While management of the day-to-
day affairs of the bank is management’s responsibility, the board is, however,
responsible for monitoring and overseeing management action. Specific duties
and responsibilities of the board of directors include, insuring, among others,
that: 3

• Appointed officers are qualified and have integrity, technical expertise and
experience;
• Objectives and a business strategy are established and performance
reviewed;
• Corporate values, codes of conduct and other standards of appropriate
behavior are prescribed;
• Policies are adopted that will prevent the use of facilities in criminal and
other illegal activities;
• Written policies on all major business activities are established and
complied with;
• Responsibilities and decision-making authorities are prescribed;
• A system of checks and balances is established;
• Performance of management is monitored, assessed and controlled;
• Adequate risk management policy is adopted and maintained (including
effective internal controls);
3 See BSP Circular No. 283, Series of 2001.
 (PAPS 1004)

-4-

• An audit committee is constituted that will be responsible for, among other

things, the set-up of an internal audit department, appointment of the
external auditor, and monitoring and evaluating the internal control
system;
• Information flows internally and to the public;
• Compliance with existing laws, rules and regulations.

9. Management is responsible for preparing financial statements in accordance

with generally accepted accounting principles in the Philippines, and for
establishing accounting procedures that provide for the maintenance of
documentation sufficient to support the financial statements. This responsibility
includes ensuring that the external auditor who examines and reports on the
financial statements has complete and unhindered access to, and is provided
with, all necessary information that can materially affect them and,
consequently, the auditor’s report on them. Management also has the
responsibility to provide all information to the supervisory agencies that such
agencies are entitled by law or regulation to obtain.

10. Audit committees are set up4 to meet the practical difficulties that may arise in
the board of directors fulfilling its task of ensuring the existence and
maintenance of an adequate system of internal controls. In addition, such a
committee reinforces both the internal control system and the internal audit
function. In order to reinforce the audit committee’s effectiveness, the internal
and external auditors should be allowed and encouraged to attend the meetings
of the audit committee. Regular meetings of the audit committee with the
internal and external auditors help enhance the external auditors independence
and the credibility of the internal auditors, and assist the audit committee to
perform its key role on strengthening corporate governance.

11. Management is responsible for the establishment and the effective operation of
an internal audit function in a bank appropriate to its size and to the nature of its
operations.5 This function is part of the ongoing monitoring of the system of
internal controls because it provides an assessment of the adequacy of, and
compliance with, the bank’s established policies and procedures and assurance
as to the adequacy, effectiveness and sustainability of the bank’s risk
4 Under BSP Circular No. 283, Series of 2001, audit committees are optional for banks with net worth of
less than P20 million but mandatory if a subsidiary of other banks.

5 BSP Circular No. 283, Series of 2001, provides for the creation an audit committee that will be
responsible for the set-up of an internal audit function. See also footnote 4.
 (PAPS 1004)

-5-

management and control procedures and infrastructure independent of those

with day-to-day responsibility for complying with those policies and procedures.
In fulfilling its duties and responsibilities, management should take all necessary
measures to ensure that there is a continuous and adequate internal audit
function.

12. In order to be fully effective, the internal audit function should be independent
of the organizational activities it audits or reviews and also should be
independent from the every day internal control process. Every activity and
every division, subsidiary or other component of the banking organization should
fall within the scope of the internal audit function’s review. The professional
competence of each internal auditor and of the internal audit function as a
whole is essential for the proper performance of that function. Therefore, the
internal audit function should be adequately staffed with persons of the
appropriate skills and technical competence who are free from operating
responsibilities. The internal audit function should regularly report to the board
of directors and management on the performance of the internal control and
risk management systems and on the achievement of the internal audit
function’s objectives. Management should establish and approve a procedure
ensuring the consideration and, if appropriate, the implementation of the
internal audit function’s recommendations.

13. The responsibilities of the board of directors and management are in no way
diminished by the existence of a system for the supervision of banks by the BSP
or by a requirement for the bank’s financial statements to be audited by an
external auditor.

The Role of the Bank’s External Auditor

14. The objective of an audit of a bank’s financial statements by an external auditor

is to enable an independent auditor to express an opinion as to whether the
bank’s financial statements are prepared, in all material respects, in accordance
with generally accepted accounting principles in the Philippines. PSA 700, “The
Auditor’s Report on Financial Statements” requires the auditor to identify the
country of origin of the financial reporting framework used to prepare the
financial statements.

15. The external auditor’s report is appropriately addressed as required by the

circumstances of the engagement, ordinarily to either the shareholders or the
 (PAPS 1004)

-6-

board of directors. However, the report may be available to many other parties,
such as depositors, other creditors and supervisors. The auditor’s opinion helps
to establish the credibility of the financial statements. The auditor’s opinion,
however, should not be interpreted as providing assurance on the future viability
of the bank or an opinion as to the efficiency or effectiveness with which the
management has conducted the affairs of the bank, since these are not
objectives of the audit.
16. The auditor designs audit procedures to reduce to an acceptably low level the
risk of giving an inappropriate audit opinion when the financial statements are
materially misstated. The auditor assesses the inherent risk of material
misstatements occurring (inherent risk) and the risk that the entity’s accounting
and internal control systems will not prevent or detect and correct material
misstatements on a timely basis (control risk). The auditor assesses control risk
as being high unless the auditor is able to identify controls that are likely to
prevent or detect and correct a material misstatement and conducts tests of the
controls that support a lower assessment of control risk. Based on the
assessment of inherent and control risk, the auditor carries out substantive
procedures to reduce the overall audit risk to an acceptably low level.

17. The auditor considers how the financial statements might be materially
misstated and considers whether fraud risk factors are present that indicate the
possibility of fraudulent financial reporting or misappropriation of assets. The
auditor designs audit procedures to reduce to an acceptably low level the risk
that misstatements arising from fraud and error that are material to the financial
statements taken as a whole are not detected. PSA 240, “The Auditor’s
Responsibility to Consider Fraud and Error in an Audit of Financial Statements”
lists fraud risk factors whose presence may alert the auditor to the possibility of
fraud existing. When the auditor determines that evidence of fraud exists, the
auditor is required to disclose this information to the BSP (see paragraph 27) 6.

18. In carrying out the audit of a bank’s financial statements, the external auditor
recognizes that banks have the following characteristics that generally
distinguish them from most other commercial enterprises, and which the auditor
takes into account in assessing the level of inherent risk.

• They have custody of large amounts of monetary items, including cash

and negotiable instruments, whose physical security has to be
safeguarded during transfer and while being stored. They also have

6 Required under BSP Circular No. 245, Series of 2000, dated May 25, 2000, as amended by BSP Circular
No. 318. Series of 2002.
 (PAPS 1004)

-7-

custody and control of negotiable instruments and other assets that are
readily transferable in electronic form. The liquidity characteristics of
these items make banks vulnerable to misappropriation and fraud. Banks
therefore need to establish formal operating procedures, well-defined
limits for individual discretion and rigorous systems of internal control.

• They often engage in transactions that are initiated in one jurisdiction,

recorded in a different jurisdiction and managed in yet another
jurisdiction.

• They operate with very high leverage (that is, the ratio of capital to total
assets is low), which increases banks’ vulnerability to adverse economic
events and increases the risk of failure.

• They have assets that can rapidly change in value and whose value is
often difficult to determine. Consequentially a relatively small decrease
in asset values may have a significant effect on their capital and
potentially on their regulatory solvency.

• They generally derive a significant amount of their funding from

shortterm deposits (either insured or uninsured). A loss of confidence by
depositors in a bank’s solvency can quickly result in a liquidity crisis.

• They have fiduciary duties in respect of the assets they hold that belong
to other persons. This may give rise to liabilities for breach of trust.
Banks therefore need to establish operating procedures and internal
controls designed to ensure that they deal with such assets only in
accordance with the terms on which the assets were transferred to the
bank.

• They engage in a large volume and variety of transactions whose value

may be significant. This necessarily requires complex accounting and
internal control systems and widespread use of information technology
(IT).
 (PAPS 1004)

-8-

• They ordinarily operate through a network of branches and departments

that are geographically dispersed. This necessarily involves a greater
decentralization of authority and dispersal of accounting and control
functions with consequential difficulties in maintaining uniform operating
practices and accounting systems, particularly when the branch network
transcends national boundaries.

• Transactions can often be directly initiated and completed by the

customer without any intervention by the bank’s employees, for example
over the Internet or through automatic teller machines (ATMs).
• They often assume significant commitments without any initial transfer
of funds other than, in some cases, the payment of fees. These
commitments may involve only memorandum accounting entries.
Consequently their existence may be difficult to detect.

• They are regulated by governmental authorities whose regulatory

requirements often influence the accounting principles that banks follow.
Non-compliance with regulatory requirements, for example, capital
adequacy requirements, could have implications for the bank’s financial
statements or the disclosures therein.

• Customer relationships that the auditor, assistants, or the audit firm may
have with the bank might affect the auditor’s independence in a way that
customer relationships with other organizations would not.

• They generally have exclusive access to clearing and settlement systems

for checks and fund transfers, foreign exchange transactions, etc. They
are an integral part of, or are linked to, national and international
settlement systems and consequently could pose a systemic risk to the
countries in which they operate.

• They may issue and trade in complex financial instruments, some of

which may need to be recorded at fair value in the financial statements.
They therefore need to establish appropriate valuation and risk
management procedures. The effectiveness of these procedures
depends on the appropriateness of the methodologies and mathematical
models selected, access to reliable current and historical market
information, and the maintenance of data integrity.
 (PAPS 1004)

-9-

19. A detailed audit of all transactions of a bank would be not only time-consuming
and expensive but also impracticable. The external auditor therefore bases the
audit on the assessment of the inherent risk of material misstatement, the
assessment of control risk and testing of the internal controls designed to
prevent or detect and correct material misstatements, and on substantive
procedures performed on a test basis. Such procedures comprise one or more of
the following: inspection, observation, inquiry and confirmation, computation
and analytical procedures. In particular, the external auditor is concerned about
the recoverability and consequently the carrying value of loans, investments and
other assets shown in the financial statements and about the identification and
adequate disclosure in the financial statements of all material commitments and
liabilities, contingent or otherwise.
20. While the external auditor has the sole responsibility for the audit report and for
determining the nature, timing and extent of audit procedures, much of the
work of internal auditing can be useful to the external auditor in the audit of the
financial statements. The external auditor, therefore, as part of the audit
assesses the internal audit function insofar as the external auditor believes that
it will be relevant in determining the nature, timing and extent of the audit
procedures.

21. PSA 610, “Considering the Work of Internal Auditing” requires external auditors
to consider the activities of internal auditors and their effect, if any, on the
nature, timing, and extent of the external auditor’s procedures. The external
auditor considers the organizational status of the internal audit function, the
scope of its function, the technical competence of its members and the
professional care they exercise when assessing the work of the department.

22. Judgment permeates the auditor’s work. The auditor uses professional
judgment in areas such as:

• assessing inherent and control risk and the risk of material misstatement
due to fraud and error;

• deciding upon the nature, timing and extent of the audit procedures;

• evaluating the results of those procedures; and

• assessing the reasonableness of the judgments and estimates made by

management in preparing the financial statements.
 (PAPS 1004)

-10-

23. An external auditor plans and conducts the audit to obtain reasonable assurance
that misstatements in the bank’s financial statements which, individually or in
aggregate, are material in relation to the financial information presented by
those statements are detected. The assessment of what is material is a matter
for the auditor’s professional judgment, and is influenced by the economic
decisions that users of the bank’s financial statements will take on the basis of
those financial statements. The auditor considers materiality at both the overall
financial statement level and in relation to individual account balances, classes of
transactions and disclosures. Materiality may be influenced by other
considerations such as legal and regulatory requirements and considerations
relating to individual financial statement account balances and relationships.
The process may result in different materiality levels depending on the aspect of
the
financial statements being considered. Similarly, the level of materiality used by
an auditor when reporting on a bank’s financial statements may be different
from the level used when making special reports to the BSP. PSA 320, “Audit
Materiality,” discusses this in more detail.

24. In forming an opinion on the financial statements, the external auditor carries
out procedures designed to obtain reasonable assurance that the financial
statements are prepared in all material respects in accordance with generally
accepted accounting principles in the Philippines. An audit does not guarantee
all material misstatements will be detected because of such factors as the use of
judgment, the use of testing, the inherent limitations of internal control and the
fact that much of the evidence available to the auditor is persuasive rather than
conclusive in nature. The risk of not detecting a material misstatement resulting
from fraud is higher than the risk of not detecting a material misstatement
resulting from error, because fraud may involve sophisticated and carefully
organized schemes designed to conceal it, such as forgery, deliberate failure to
record transactions or intentional misrepresentation being made to the auditor.
Such attempts at concealment may be even harder to detect when accompanied
by collusion. Furthermore, the risk of the auditor not detecting a material
misstatement resulting from management fraud is greater than for employee
fraud, because boards of directors and management are often in a position that
assumes their integrity and enables them to override the formally established
control procedures. Therefore, the auditor plans and performs an audit with an
attitude of professional skepticism, recognizing that circumstances may exist that
cause the financial statements to be materially misstated.

25. When the auditor discovers a misstatement material to the financial statements
taken as a whole, including the use of an inappropriate accounting policy or
 (PAPS 1004)

-11-

asset valuation or a failure to disclose essential information, the auditor asks

management to adjust the financial statements to correct the misstatement. If
management refuses to make the correction the auditor issues a qualified or an
adverse opinion on the financial statements. Such a report could have a serious
effect on the credibility and even stability of the bank, and management
therefore usually takes the steps necessary to avoid it. Likewise, an auditor
issues a qualified opinion or a disclaimer of opinion if management has not
provided the auditor with all the information or explanations the auditor
requires.
26. As a supplementary but not necessarily integral part of the audit, the external
auditor ordinarily communicates certain information to management. This
information may contains comments on such matters as material weaknesses in
internal control or misstatements that have come to the auditor’s attention
during the course of the audit, but which do not warrant a modification of the
audit report (either because additional procedures have been performed to
compensate for a weakness in control or because the misstatements have been
corrected in the financial statements or are immaterial in their context). The
external auditor also communicates matters of governance to those charged
with the governance of the bank.

27. The external auditor is required to report to the BSP the following7:

• any material finding during the audit involving fraud or dishonesty which
will reduce capital funds by at least one percent (1%) (see paragraph 17);

• adjustments or potential losses amounting to at least one percent (1%) of

capital funds of the bank; or

• any finding to the effect that the total bank assets, on a going concern
basis, are no longer adequate to cover the total claims of creditors.

The Role of the BSP

28. The key objective of prudential supervision is to maintain stability and

confidence in the financial system, thereby reducing the risk of loss to depositors
and other creditors. In addition, supervision also is often directed toward
verifying compliance with laws and regulations governing banks and their

7 Required under BSP Circular No. 245, Series of 2000, dated May 25, 2000, as amended by BSP Circular
No. 318, Series of 2002.
 (PAPS 1004)

-12-

activities. However, in this Statement the focus is on the prudential aspect of

the BSP’s role.

29. One of the tools of banking supervision is the system of licensing, which allows
the BSP to identify the population to be supervised and to control entry into the
banking system. In order to qualify for and retain a banking license, entities
must observe certain prudential requirements. These requirements are defined
in BSP regulations. The following basic requirements for a banking license
ordinarily are found in the BSP systems of supervision:

• the bank must have suitable shareholders and members of the board
(this notion includes integrity and standing in the business community as
well as the financial strength of all major shareholders);

• the bank’s management must be honest and trustworthy and must

possess appropriate skills and experience to operate the bank in a sound
and prudent manner;

• the bank’s organization and internal control must be consistent with its
business plans and strategies;

• the bank should have a legal structure in line with its operational
structure;

• the bank must have adequate capital to withstand the risks inherent in
the nature and size of its business; and

• the bank must have sufficient liquidity to meet outflows of funds.

30. Further and more detailed requirements are prescribed, including minimum
numerical ratios for the adequacy of the bank’s capital and liquidity. The
objective of regulation is to set conditions to ensure that a bank conducts its
business prudently and has adequate financial resources to overcome adverse
circumstances and safeguard the interest of the depositors.
 (PAPS 1004)

-13-

31. In addition to licensing new banks, the BSP has the authority to review and reject
any proposal to transfer significant ownership or a controlling interest in existing
banks to other parties.

32. Ongoing banking supervision ordinarily is conducted on the basis of

recommendations and guidance. However, the BSP has at its disposal recourse
to legal powers to bring about timely corrective action when a bank fails to meet
prudential requirements, when there are violations of laws or regulations, or
when depositors are faced with a substantial risk of loss. In extreme
circumstances, the BSP has the authority to revoke the bank’s license.
33. One of the foundations of prudential supervision is capital adequacy. There are
minimum capital requirements for the establishment of new banks and capital
adequacy tests are a regular element in ongoing supervision. 8 In the
consultative package “The New Basel Capital Accord” issued by the Basel
Committee in January 2001, the Basel Committee proposes a capital adequacy
framework based on three complementary pillars: minimum capital
requirements, a supervisory review process and market discipline.

• The first pillar defines the minimum capital requirements for three broad
categories of risks: credit risk, market risk and operational risk.

• The second pillar, the supervisory review process, relies on the following
principles. Banks must have sufficient solvency in relation to its risk
profile and supervisors must have the ability to require banks to hold
capital in excess of the minimum. Banks should assess internally and on
an ongoing basis their capital adequacy based on their present and future
risk profile and supervisors should review the banks’ internal capital
adequacy assessment procedure. Finally, supervisors must intervene
early, taking into account the relatively illiquid nature of most bank assets
and the limited options most banks have in raising capital quickly.

• The third pillar, market discipline, enhances the role of market

participants in encouraging banks to hold adequate levels of capital. In
this respect, banks must disclose quantitative and qualitative information
about their capital and risk profile.

34. Banks are subject to a variety of risks. The BSP monitors and may limit a range of
banking risks, such as credit risk, market risk (including interest and foreign
exchange risk), liquidity and funding risk, operational risk, legal risk and

8 See BSP Circular 280, Series of 2001, for capital requirements for credit risks.
 (PAPS 1004)

-14-

reputational risk. It may also develop systems of measurement that will capture
the extent of exposure to specific risks (for example, the risks involved in
derivative financial instruments). These systems may form the basis for specific
controls or limits on the various categories of exposure.

35. The most significant of banking risks, in terms of historical loss experience, is the
risk that a customer or counterparty will not settle an obligation for full value,
either when due or at any time thereafter (sometimes referred to as credit risk).
It is not the BSP’s role to direct banks’ lending policies, but it is essential for the
BSP to be confident that the bank has adopted a sound system for managing
credit risk. The BSP also evaluates the effectiveness of a bank’s policies and
practices for assessing loan quality. The BSP seeks to be satisfied that the
methods employed and judgments made by management to calculate
allowances produce an aggregate amount of specific and general allowances that
is adequate to absorb estimated credit losses, on a timely basis, in accordance
with appropriate policies and procedures. In addition, the BSP also seeks to
ensure that credit risk is adequately diversified by means of rules to limit
exposures, whether in terms of individual borrowers, industrial or commercial
sectors or particular countries or economic regions.

36. Although it is difficult to assess, the quality of a bank’s loans and other assets is
one of the most critical determinants of its financial condition. Accordingly,
accurate and prudent valuation of assets is of great importance for the BSP
because it has a direct bearing on the determination of the reported amount of
the bank’s capital. As already indicated, capital is widely used as the supervisory
standard against which exposures are measured or limited. While the proper
valuation of assets is one of the primary responsibilities of management, the
valuation process often involves considerable judgment. In general, unless the
BSP performs its own evaluation of this process to determine its accuracy and
compliance with documented policies and procedures, the BSP relies in large
part on the management’s judgment of the proper valuation of assets and on
the fact that valuations that appear in the financial statements have been
subjected to external audit.
 (PAPS 1004)

-15-

37. The BSP attaches considerable importance to the need for banks to have in place
internal controls that are adequate for the nature, scope and scale of their
business. The purpose of internal controls is to assist in achieving management’s
objective of ensuring, as far as practicable, the orderly and efficient conduct of
its business, including adherence to management policies, the safeguarding of
assets, the prevention and detection of fraud and error, the accuracy and
completeness of the accounting records, and the timely preparation of reliable
financial information.

38. The development of sophisticated real-time computerized information systems

has greatly improved the potential for control, but in turn has brought with it
additional risks arising from the possibility of computer failure or fraud. The
introduction of E-Commerce has also introduced significant new risks and
requires, in turn, additional controls.
39. The BSP is concerned to ensure that the quality of management is adequate for
the nature and scope of the business. Where on-site inspections are carried out,
the examiners have an opportunity to notice signs of management deficiencies.
The BSP may also arrange to interview management on a regular basis and
pursues other opportunities for contacts where they arise. The BSP tries to use
these opportunities to understand management’s business plans and strategies
and how it expects to achieve them. Similarly, the BSP seeks to discover whether
the bank is properly equipped to carry out its functions in terms of the skills and
competence of its staff and the equipment and facilities at its disposal. The
information gained from these contacts with management assists the BSP in
forming an opinion about management’s competence.

40. Effective supervision requires the collection and analysis of information about
supervised banks. For example, the BSP collects, reviews and analyzes
prudential reports and statistical returns from banks. These include basic
financial statements as well as supporting schedules that provide greater detail.
These reports are used to check adherence to certain prudential requirements
and they also provide a basis for discussions with the bank’s management. Off-
site monitoring can often identify potential problems, particularly in the interval
between on-site inspections, thereby providing early detection and prompting
corrective action before problems become more serious.

41. The BSP must have a means of validating the information they receive either
through on-site inspections or the use of external auditors. On-site work,
whether done by the BSP’s own staff or commissioned by the BSP but
undertaken by external auditors, is structured to provide independent
 (PAPS 1004)

-16-

verification of whether an adequate internal control system, meeting the specific

criteria the BSP mandates, exists at individual banks and whether the
information provided by banks is reliable.

42. To enhance their understanding of a bank’s corporate governance and system of

operation, BSP authorities may meet periodically with the bank’s audit
committee or its board of directors. This provides an opportunity for the audit
committee or the board of directors to discuss any concerns it may have about
the management of the bank and enables the BSP to form a view as to the audit
committee’s effectiveness.
43. Banking supervisors are interested in ensuring that all the work performed by
external auditors is carried out by auditors who:

• are properly licensed and in good standing;

• have relevant professional experience and competence;

• are subject to a quality assurance program;

• are independent in fact and appearance of the bank audited;

• are objective and impartial; and

• comply with any other applicable ethical requirements.9

44. Accordingly, the BSP has established requirements for the selection of external
auditors of banks.10 This is intended to ensure that the external auditors the
banks appoint have the necessary experience, resources and skills to conduct
bank audits. Where there is no obvious reason for a change of external auditor,
the BSP may also investigate the circumstances that caused the bank not to
reappoint the auditor.

45. The BSP has a clear interest in ensuring high standards of bank auditing.
Moreover, an important concern of the BSP is the independence of the external

9 The auditor complies with the provisions of the Philippine Code of Professional Ethics for Certified
Public Accountants.

10 See BSP Circular No. 245, Series of 2000, dated May 25, 2000, as amended by BSP Circular No. 318,
Series of 2002.
 (PAPS 1004)

-17-

auditor who performs the audit of a bank, particularly when the auditor also
provides certain types of non-audit services to the bank. Accordingly, the BSP
maintains close contact with the ASPC in order to address issues of mutual
interest.

The Relationship Between the BSP and the External Auditor

46. In many respects the BSP and the external auditor have complementary
concerns regarding the same matters though the focus of their concerns is
different.

• The BSP is primarily concerned with maintaining the stability of the

banking system and fostering the safety and soundness of individual
banks in order to protect the interests of the depositors. Therefore, the
BSP monitors the present and future viability of banks and uses their
financial statements in assessing their condition and performance. The
external auditor, on the other hand, is primarily concerned with reporting
on the bank’s financial statements ordinarily either to the bank’s
shareholders or board of directors. In doing so, the auditor considers the
appropriateness of management’s use of the going concern assumption.
The auditor considers the period of assessment used by management
and, when that period is less than 12 months from the balance sheet
date, asks management to extend the assessment period to at least 12
months from the balance sheet date. If management refuses to do so
PSA 570, “Going Concern,” requires the auditor to consider the need to
modify the auditor’s report as a result of the limitation of the auditor’s
work. The auditor also inquires of management as to its knowledge of
events or conditions beyond the period of assessment used by
management that may cast significant doubt on the bank’s ability to
continue as a going concern.
 (PAPS 1004)

-18-

• The BSP is concerned with the maintenance of a sound system of internal

control as a basis for safe and prudent management of the bank’s
business. The external auditor, in most situations, is concerned with the
assessment of internal control to determine the degree of reliance to be
placed on the system in planning and performing the audit.

• The BSP must be satisfied that each bank maintains adequate records
prepared in accordance with consistent accounting policies and practices
that enable the BSP to appraise the financial condition of the bank and
the profitability of its business, and that the bank publishes or makes
available on a regular basis financial statements that fairly reflect its
condition. The external auditor is concerned with whether adequate and
sufficiently reliable accounting records are maintained in order to enable
the entity to prepare financial statements that do not contain material
misstatements and thus enable the external auditor to express an
opinion on those statements.

47. When the BSP uses audited financial statements in the course of supervisory
activities, the BSP needs to bear in mind the following factors.

• Supervisory needs are not ordinarily the primary purpose for which the
financial statements were prepared;

• An audit in accordance with PSAs is designed to provide reasonable

assurance that the financial statements taken as a whole are free from
material misstatement;

• The importance of the accounting policies used in the preparation of the

financial statements as generally accepted accounting principles in the
Philippines require the exercise of judgment in their application and may
allow choices in certain policies or how they are applied;

• Financial statements include information based on judgments and

estimates made by the management and examined by the auditor;

• The financial position of the bank may have been affected by subsequent
events since the financial statements were prepared;
 (PAPS 1004)

-19-

• The BSP cannot assume that the auditor’s evaluation of internal control
for the purposes of the audit will necessarily be adequate for the
purposes for which the BSP needs an evaluation, given the different
purposes for which internal control is evaluated and tested by the BSP
and the auditor; and

• The controls and accounting policies that the external auditor considers
may not be the ones that the bank uses when preparing information for
the BSP.

48. Nonetheless, there are many areas where the work of the BSP and of the
external auditor can be useful to each other. Communications from auditors to
management and other reports submitted by auditors can provide BSP with
valuable insight into various aspects of the bank’s operations. Such reports may
be made available to the BSP.
49. Similarly, external auditors may obtain helpful insights from information
originating from the BSP. When a supervisory inspection or a management
interview takes place, the conclusions drawn from the inspection or interview
are customarily communicated to the bank. These communications can be
useful to auditors inasmuch as they provide an independent assessment in
important areas such as the adequacy of the allowance for loan losses and focus
attention on specific areas of supervisory concern. The BSP may also develop
certain informal prudential ratios or guidelines that may be made available to
the banks and that can be of assistance to auditors in performing analytical
reviews.

50. When communicating with management, both the BSP and external auditors are
aware of the benefits that can flow to each other from knowledge of the matters
contained in such communications. It is therefore advantageous for
communications of this nature to be made in writing, so that they form part of
the bank’s records to which the other party should have access.

51. In order to preserve the concerns of both parties regarding the confidentiality of
information acquired while carrying out their respective functions, it is normal
that, when contacts between the BSP and the external auditor become
necessary, management of the bank is also present or at least informed. It is
recommended that timely and appropriate measures be taken so that external
auditors cannot be held liable for information disclosed in good faith to the BSP
in accordance with applicable laws and regulations. These measures can take
the form of legal initiatives or can be an agreement among the bank, its
 (PAPS 1004)

-20-

management, the external auditor and the BSP.11 This is particularly true when
the presence of management would compromise the discussion, for example,
where the auditor believes that management is involved in fraudulent conduct.

52. PSA 260, “Communications of Audit Matters With Those Charged With
Governance,” identifies matters of governance interest and requires auditors to
communicate those matters on a timely basis to those charged with
governance.11 Audit matters of governance interest include only those matters
that have come to the attention of the auditor as a result of the performance of
the audit. The auditor is not required, in an audit in accordance with PSAs, to
design procedures for the specific purpose of identifying matters of governance
interest. Certain audit matters of governance interest are likely to be of interest
to the BSP, particularly where those matters may require urgent action by the
BSP. When required by the BSP, the auditor communicates such matters to the
BSP on a timely basis (see paragraph 27). In situations where there are no such
requirements, agreements or protocols, the auditor encourages the bank’s
management or those charged with governance to communicate on a timely
basis matters that, in the auditor’s judgment, may be of urgent interest to the
BSP. Furthermore, even if there is no requirement to do so, the auditor
considers communicating such matters to the BSP when management or those
charged with governance do not do so. In such circumstances, the auditor
considers whether the law protects the auditor when such communications are
made.

11 BSP Circular 245, Series of 2000, dated May 25, 2000, as amended by BSP Circular No. 318, Series of
2002, provides that the contract between the bank and the external auditor shall contain a provision that
the disclosure of information by the external auditor to the BSP shall not be a ground for civil, criminal or
disciplinary proceeding against the auditor.
 (PAPS 1004)

-21-

11
Ordinarily such matters include:

• The general approach and overall scope of the audit, including any expected limitations thereon, or
any additional requirements;
• The selection of, or changes in, significant accounting policies and practices that have, or could have,
a material effect on the entity’s financial statements;
• The potential effect on the financial statements of any significant risks and exposures, such as
pending litigation, that are required to be disclosed in the financial statements;
• Audit adjustments, whether or not recorded by the entity, that have or could have, a significant effect
on the entity’s financial statements;
• Material uncertainties related to events and conditions that may cast significant doubt on the entity’s
ability to continue as a going concern;
• Disagreements with management about matters that, individually or in aggregate, could be
significant to the entity’s financial statements or the auditor’s report. These communications include
consideration of whether the matter has, or has not, been resolved and the significance of the
matter;
• Expected modifications to the auditor’s report;
• Other matters warranting attention by those charged with governance, such as material weaknesses
in internal control, questions regarding management integrity, and fraud involving management; and
• Any other matters agreed upon in the terms of the engagement.

53. The following are examples of types of other matters that may come to the
attention of the auditor and may require urgent action by the BSP:

• information that indicates a failure to fulfill one of the requirements for a

banking license;

• a serious conflict within the decision-making bodies or the unexpected

departure of a manager in a key function;

• information that may indicate a material breach of laws and regulations

or the bank’s articles of incorporation, charter or by-laws;

• the intention of the auditor to resign or the removal of the auditor from
office; and
 (PAPS 1004)

-22-

• material adverse changes in the risks of the bank’s business and possible
risks going forward.

In many cases the external auditor also communicates these matters to those
charged with governance.

54. The external auditor may carry out specific assignments or issues special reports
in accordance with statutes or at the request of the BSP to assist the BSP in
discharging its supervisory functions. These duties may include reporting upon
whether:

• licensing conditions have been complied with;

• the systems for maintaining accounting and other records and the
systems of internal control are adequate;

• the method used by the bank to prepare reports for the BSP is adequate
and the information included in these reports, which may include
specified ratios of assets to liabilities and other prudential requirements,
is accurate;

• the organization is adequate based on criteria provided by the BSP;

• laws and regulations are complied with; and

• appropriate accounting policies are adhered to.

55. The BSP and internal and external auditors cooperate with each other to make
their contributions to the supervisory process more efficient and effective. The
cooperation optimizes supervision while allowing each party to concentrate on
its own responsibilities. The cooperation may be based on periodic meetings of
the BSP and the external and internal auditors.

Additional Requests for the External Auditor to Contribute to the Supervisory Process

56. A request of the BSP to an external auditor to assist in specific supervisory tasks
should be made in the context of a well-defined framework that is set forth in
applicable law or a contractual agreement between the bank and the BSP. These
 (PAPS 1004)

-23-

requests may in some cases be the subject of a separate engagement. In this

situation, the following criteria should be established.

57. First, the basic responsibility for supplying complete and accurate information to
the BSP must remain with the bank’s management. The external auditor’s role is
to report on that information or on the application of particular procedures. As
such, the auditor does not assume any supervisory responsibilities, but, by
providing this report, enables the BSP to make judgments about the bank more
effectively.

58. Second, the normal relationship between the external auditor and the audited
bank needs to be safeguarded. If there are no other statutory requirements or
contractual arrangements governing the external auditor’s work, all information
flows between the BSP and the auditor typically are channeled through the bank
except in exceptional circumstances. Thus, the BSP will request the bank to
arrange to obtain the information it requires from the auditor and such
information will be submitted to the BSP through the bank. Any meetings
between the external auditor and the BSP will, except as indicated in paragraphs
51 and 52 above, be attended by representatives of the bank, and the bank’s
approval will be required before the auditor transmits copies of communications
to management and other reports to the BSP.12

59. Third, before concluding any arrangements with the BSP, the external auditor
considers whether any conflicts of interest may arise. If so, these need to be
satisfactorily resolved before the commencement of the work, normally by
obtaining the prior approval of the bank’s management to undertake the
assignment.
60. Fourth, the supervisory requirements must be specific and clearly defined in
relation to the information required. This means that the BSP needs, as far as
possible, to describe the standards against which the bank’s performance can be
measured, so that the auditor can report whether or not they have been
achieved. If, for example, information is required on the quality of loan assets,
the BSP has to specify what criteria are to be used in classifying the loans
according to risk category. Similarly, wherever possible, some understanding
must be reached between the BSP and external auditors regarding the concept
of materiality.

12 Banks may furnish copies of the external auditor’s communications to management and other special
reports directly to the BSP.
 (PAPS 1004)

-24-

61. Fifth, the tasks that the BSP asks the external auditor to perform need to be
within the auditor’s competence, both technical and practical. The auditor may,
for example, be requested to assess the extent of a bank’s exposure to a
particular borrower or country. However, without clear and specific guidance,
the auditor will not be in a position to judge whether any particular exposures
are excessive. In addition, audits are carried out at intervals and not
continuously, so that, for example, it is not reasonable to expect the external
auditor, in addition to the work necessary to conduct the audit, to carry out a
complete evaluation of internal control or to monitor a bank’s compliance with
all supervisory rules except through an ongoing program of work over a period of
time.

62. Sixth, the external auditor’s task for the BSP must have a rational basis. This
means that except in special circumstances the task must be complementary to
the regular audit work and can be performed more economically or more
expeditiously than by the BSP, either because of the auditor’s specialized skills or
because duplication is thereby avoided.

63. Finally, certain aspects of confidentiality need to be protected, in particular the

confidentiality of information obtained by the external auditor through
professional relationships with other audit clients and not available to the bank
or the public.

64. The way in which the external auditor’s role can be extended depends on the
nature of the supervisory environment. For example, if the BSP follows an active
approach, with frequent and rigorous inspection, the assistance that might be
asked of the external auditor will normally be minimal. If, on the other hand,
there is a history of less direct supervision, primarily based on the analysis of
reported information provided by bank’s management, as opposed to
inspection, or if supervisory resources are limited, the BSP can benefit from the
assistance that the external auditor can offer in providing assurance on the
information obtained.
65. The current supervisory approach may contain elements of both inspection and
analysis of reported information. As banking develops in complexity, inspection
is proving more and more demanding in terms of supervisory resources. Greater
reliance may need to be placed on reported information, and the BSP may look
to the external auditor for assistance in those areas for which the auditor’s skills
are particularly suited.

66. Where the BSP has previously relied solely on their analysis of prudential
returns, it may find that a certain degree of on-the-spot examination is a
 (PAPS 1004)

-25-

desirable safeguard. In this case, the BSP may rely more than before on external
auditors to assist them by performing specific tasks (see paragraph 54).

67. Where contacts between external auditors and the BSP have become close over
a long period, a bond of mutual trust may be built up and extended experience
of collaboration may enable each to benefit from the other’s work. Experience
may indicate that the conflicts of interest that auditors may in principle perceive
as preventing close collaboration with the BSP assume less importance in
practice and do not present an obstacle to a fruitful dialogue.

The Need for a Continuing Dialogue Between the BSP and the Accountancy Profession

68. If the BSP is to derive benefit from the work of external auditors on a continuing
basis, the BSP should discuss current areas of supervisory concern with the
accounting profession as a whole. This can be achieved through periodic
discussions between the BSP and the professional accountancy bodies. Such
discussions could cover areas of mutual concern. It is of considerable assistance
to auditors in making informed judgments if they were to have as clear an
understanding as possible of the BSP’s knowledge and attitude on such matters.
In the course of such discussions, the BSP should also have an opportunity to
express their views on accounting policies and auditing standards generally and
on specific audit procedures in particular. This assists in improving the general
standard of audits of banks’ financial statements. It is advisable for the banks’
own industry associations to be involved in discussions on these topics, for
example, through the head of the internal audit function, to ensure that the
views of all parties are taken into account.

69. Discussions between the BSP and professional accountancy bodies could also
usefully include major auditing issues and topical accounting problems, such as
the appropriate accounting techniques for newly developed instruments, and
other aspects of financial innovation and securitization. These discussions could
assist in banks’ adoption of the most appropriate accounting policies.
70. Both the BSP and the accountancy profession have an interest in achieving
uniformity among banks in their application of appropriate accounting policies.
The BSP is often able to exercise a persuasive influence over banks in achieving
uniform policies because of their regulatory powers, while external auditors are
often better placed to monitor or review the actual application of such policies.
A continuing dialogue between the BSP and the profession could therefore
significantly contribute towards the harmonization of accounting standards for
banks at the national level.
 (PAPS 1004)

-26-

Effective Date

71. This PAPS shall be effective for audits of financial statements for periods ending
on or after December 31, 2003. Earlier application is encouraged.

Acknowledgment

72. This PAPS, The Relationship Between Bangko Sentral ng Pilipinas (BSP) and
Banks’ External Auditors, is based on International Auditing Practice Statement
(IAPS) 1004, The Relationship Between Banking Supervisors and Banks’ External
Auditors.

73. This PAPS differs from IAPS 1004 mainly with respect to the following matters:

(a) The term “banking supervisor” (and equivalent terms) used in IAPS 1004
was changed to “Bangko Sentral ng Pilipinas.”

(b) The provisions of BSP Circular No. 283 relating to the specific duties and
responsibilities of the banks’ board of directors were incorporated in
paragraph 8 of this PAPS to replace the general responsibilities of the
board of directors and management included in the IAPS.

(c) The relevant provisions of applicable BSP Circulars (e.g., Circular No.
245, as amended by Circular No. 318; Circular No. 280; and Circular No.
283) were incorporated in the related discussions in the PAPS or referred
to in the footnotes.

(d) The reporting framework in accordance with which the bank’s financial
statements should be prepared (on which the bank’s external auditors
will express an opinion) is specified in the PAPS to be the generally
accepted accounting principles in the Philippines.
This Philippine Auditing Practice Statement 1004 was unanimously approved on
February 24, 2003 by the members of the Auditing Standards and Practices Council:

Benjamin R. Punongbayan, Chairman Antonio P. Acyatan, Vice Chairman

 (PAPS 1004)

-27-

Felicidad A. Abad David L. Balangue

Eliseo A. Fernandez Nestorio C. Roraldo

Editha O. Tuason Joaquin P. Tolentino

Joycelyn J. Villaflores Carlito B. Dimar

Froilan G. Ampil Erwin Vincent G. Alcala

Horace F. Dumlao Isagani O. Santiago

Eugene T. Mateo Emma M. Espina

Jesus E. G. Martinez