1 / 35

CBS: Audit Considerations

CBS: Audit Considerations. Subhash Chandra Arora MSC,CAIIB,ACMA,FCS,CISA. Agenda : CBS Audit. Objective Challenges of CBS Audit Engagement Risk Sources of material mis -statement Internal Controls to protect from Risks in CBS Assessment of Internal Controls Access Rights

vin
Download Presentation

CBS: Audit Considerations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CBS: Audit Considerations Subhash Chandra Arora MSC,CAIIB,ACMA,FCS,CISA

  2. Agenda : CBS Audit • Objective • Challenges of CBS Audit • Engagement Risk • Sources of material mis-statement • Internal Controls to protect from Risks in CBS • Assessment of Internal Controls • Access Rights • Interfaces, outsourcing • MIS: Exception Reports • Data Gathering

  3. CBS Audit: Objective

  4. Reduce Audit Risk: Challenge In most situations, the auditor will not be able to reduce audit risk to an acceptably low level unless management has instituted an internal control system that allows the auditor to be able to assess the level of inherent and control risks as less than high. The auditor obtains sufficient appropriate audit evidence to assess the level of inherent and control risks.

  5. Guidance Note: Internal Control • Internal control makes the right things happen the first time • Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and governing bodies/ committees

  6. CBS Audit: Engagement Risk Rule of Bureaucracy : Not to inform the reader, but to To protect the writer

  7. Engagement Team Discussion • Errors that may be more likely to occur; • The method by which fraud might be perpetrated by bank personnel or others within particular account balances and/or disclosures; • Audit responses to Engagement Risk, Pervasive Risks, and Specific Risks; • The need to maintain professional skepticism throughout the audit engagement; and • The need to alert for information or other conditions that indicates that a material misstatement may have occurred (e.g., the bank’s application of accounting policies in the given facts and circumstances).

  8. Challenges of CBS Audit • No access to the overall IT policy, processes, controls and accounting procedures implemented by the bank. • Complex trading transactions • Unfamiliar Workflows • Undetected errors in Business Rules in system • Lack of Visible Evidence • Mammoth EOD Reports • Huge Online MIS : ‘clock lost in hay’ analogy • Bugs and frauds hidden in labyrinth of data • Anxiety: Does the CBS generate reliable & accurate financial statements & reports? • Judgment of Value • Independent IT audit of the branch. CBS

  9. CBS Audit: Guidance Note • Part II – Risk Assessment and Internal Control deals with audit procedures to be followed under the two risk based Standards, • SA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Environment including Internal Control” , and • SA 330, “.... Responses to Assessed Risks”

  10. CBS: Audit Procedures -

  11. Assertion level Risk Assessment • Identify risks throughout the process • Pinpoint each risk to one or more assertions relating to account balances or disclosures. • Consider whether the risks are of a magnitude that could result in a material misstatement of the financial statements. • Document the identified and assessed risks of material misstatement at the assertion level.

  12. Dimensions of CBS Audit Risks • CBS Control Risk • Management is responsible for design, implementation and maintenance of internal control relevant to the preparation of the financial statements that are free from material misstatement, whether due to fraud or error. Controls Inherent Risk Deposits Advances Trade Finance Inc / EXP Misc A/L Interfaces

  13. Guidance Note: Internal Control • Internal control makes the right things happen the first time • Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and governing bodies/ committees

  14. CBS Audit: Key

  15. CBS Audit: Strategy • Options : • Evaluate & Test controls, and /or (may be Centralized) • Perform substantive tests – often inefficient • Perform Substantive tests, when control • does not address inherent risk • addresses IR, but not to the extent that further review and testing of control efficient • addresses IR sufficiently to warrant testing, but not efficient to do so, e.g. very few transactions • A substantive test “substantiates “ the integrity of actual transaction processing.

  16. Financial Audit: Control Evaluation

  17. Audit : Prioritise – Risk Matrix

  18. Audit strategy: Based on Control Risk AssessmentIn respect of each category of Txn

  19. Controls: Attributes

  20. Guidance note on Test of Controls • Access to primary and subsidiary records is provided and use of data analysis tools is allowed at central and branch level. • Test of controls and substantive checking of sample transactions is carried out at the central level and the results are shared with the branch auditors, if required.

  21. Risk Assessment : Worksheet • Risk Area : • Risk Description : • Inherent Risk – Size of the Risk Area • Control objective – relevant to audit • What ensures that Control Objective is achieved • Control Risk Assessment • Type of control : Preventive / Detective / Corrective • Whether Control Depends upon another control for its effectiveness • Whether Control Exists • Whether control is implemented

  22. Illustrative list of controls • Access Control Matrix - E/P/V • Segregation of duties in high risk areas • Standard Operating Procedures • EOD/BOD/Monthly Control Reports • List of TODs Granted • Transgression of powers • Debits to income heads • Manual debits to office A/cs like • Customer debits without cheque • Customer Risk Categorisation

  23. Example MIS :FDs • List of deposits with wrong interest codes and either closed fully or partially before maturity during the month. Check Interest / verify • Details of Value Dated Deposits opened during the month. Check Authorisation / verify • List of Term Deposit accounts opened and closed during the month within 15 days and interest paid. Check Interest Computation/ verify • List of deposit accounts where TDS exemption flag is 'Yes' at account level as on the date of the report. Check supporting evidence/ verify • FFD- CustID mismatch. Check appropriate linking.

  24. CBS Audit: Inquiries to be done • System of MIS verification and Risk Audit. • Make inquiries of management, internal auditor, and others within the bank, as appropriate, to determine whether they have knowledge of any actual, suspected, or alleged fraud affecting the bank.

  25. Audit: Sample Size • Does not depend on population (npq≥5) • where 1.96 signifies 95% lavel of confidence. For 99% level of confidence replace 1.96 with 2.58.

  26. Substantive Test: Hypothesis

  27. Example C1/A1 29 Mar Features Integrity: Unauthorised Debit No Cheque or debit authority No application for FD FD Value Dated (-4days) Sign on Loan Doc forged No Resolution to borrow Loan signatories not authorised Loan at 0% Margin C3/A3 C2/A2 250L 50L Susp 150L 450L FD/A1 Vdt 25 Mar LN/A1

  28. Example: Continued DD/A1 31/03 02/04 754 TDS/ Prkg Exp/Int FD Exp/Int FD 22192(6days) 7397 754 No TDS Loan 9112 6643 Inc/ Int Loan 14792 Inc/ Int 4931 08/04 450L Exp/IntFd FD/ A1 3679 DD/A1 Cancelled on 11/07 9866 DD/ ITO

  29. Learnings from the example • Management is often in the best position to perpetrate fraud - use professional judgment • Focus on areas with high risk & high probability that controls are not in place or are weak e.g. • Large value debits without cheque • Large value loans against FDs • Loans against FDs at lower / zero margins • Misuse of suspense accounts • Don’t forget positive risks – opportunities!

  30. Compute Loan outstanding • Use the IPMT function to find the balance of a loan using the following formula =IPMT(rate,per,nper,PV)/rate

  31. Compute interest Income During Prd • Use the IPMT worksheet function to calculate • Interest on Loan during some period • =SUM(IPMT(rate,ROW(A1:A12),nper,-Amt))

  32. Factors influencing Risk • Past misstatements strongly indicate about the likely occurrence of future misstatements; • Unreliable application systems e.g. Asset classification SW/module • Non-systematically processed transactions • The incidence of misstatements is greater in transactions relating to accounting estimates and adjustments at or near to the end of an accounting period (i.e., cut-offs and accruals); and • Incidence of misstatements associated with unusual or complex transactions.

  33. Role and responsibilities of branch auditors • To the extent possible, data analysis tools are used for better and effective audit. • Test of controls and substantive checking of sample transactions is carried out at the branch level and the results are shared with the central auditor, if required. • Significant observations having bearing on the true and fair view are reported to central auditor. • Any other limitations on audit which are required to be reported to the central auditor.

  34. Thank you

More Related