1 / 26

APS 310 AUDIT AND RELATED MATTERS

APS 310 AUDIT AND RELATED MATTERS. INTERNAL CONTROLS RELATING TO PRUDENTIAL STANDARDS TIMOTHY CRONIN 28 May 2010. INTERNAL CONTROLS RELATING TO PRUDENTIAL STANDARDS. Overview APS 310 Audit and Related Matters Assurance Report Risk Management Systems Audit Standards ASAE 3000

bat
Download Presentation

APS 310 AUDIT AND RELATED MATTERS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. APS 310 AUDIT AND RELATED MATTERS INTERNAL CONTROLS RELATING TO PRUDENTIAL STANDARDS TIMOTHY CRONIN 28 May 2010 BDO: Key slides

  2. INTERNAL CONTROLS RELATING TO PRUDENTIAL STANDARDS Overview APS 310 Audit and Related Matters Assurance Report Risk Management Systems Audit Standards ASAE 3000 ASAE 3100 Guidance Statement GS 012 Review Procedures

  3. AUDITORS ANNUAL PRUDENTIAL ASSURANCE REPORT APS 310 AUDIT and RELATED MATTERS AFIAA Annual Conference 2010 – Internal Controls Relating to Prudential Standards

  4. APS 310 AUDIT AND RELATED MATTERSAppointed Auditors Responsibilities Internal Controls Relating to Prudential Requirements The appointed auditor must provide limited assurance that the ADI has controls that are designed to ensure the ADI: has complied with all applicable prudential requirements; has provided reliable data to APRA in the reporting forms prepared under the FSCODA; and in relation i) and ii), the appointed auditor must also provide limited assurance that these controls have operated effectively throughout the financial year

  5. AUDITORS ANNUAL PRUDENTIAL ASSURANCE REPORT PART C Review of Internal Controls Addressing Compliance with Prudential Requirements and Reliability of Data Included in ADI Reporting Forms AFIAA Annual Conference 2010 – Internal Controls Relating to Prudential Standards

  6. Part c Review of Internal Control Extract from Assurance Report Based on our review, which is not an audit, nothing has come to our attention that causes us to believe that, for the financial year ending 30 June 2010, in all material respects: [name of ADI] has not implemented internal controls that are designed to ensure: compliance with all applicable Prudential Requirements; reliable data is provided to APRA in the ADI Reporting Forms prepared under the FSCODA; and the controls in (a) have not operated effectively

  7. Part c Review of Internal Control Limited Assurance level of assurance that is less than that provided in an audit. objective - a reduction in risk to a level that is acceptable as the basis for a negative form of expression risk is greater than for a reasonable assurance engagement commonly referred to as a review.

  8. Part c Review of Internal Control Review A review consists of making enquiries of responsible personnel and applying analytical and other review procedures; A review is substantially less in scope than an audit conducted in accordance with Australian Auditing Standards ; A review does not enable us to obtain assurance that we would become aware of all significant matters that might be identified in an audit; and Accordingly, we do not express an audit opinion.

  9. RISK MANAGEMENT SYSTEMS APS 310 AUDIT and RELATED MATTERS AFIAA Annual Conference 2010 – Internal Controls Relating to Prudential Standards

  10. RISK MANAGEMENT SYSTEMS It is the responsibility of an ADI’s Board and management to ensure that the ADI meets prudential and statutory requirements and has management practices to limit risks to prudent levels.

  11. Annual declarationCEO and Board must attest that they have (a) identified the key risks of the ADI; (b) established systems to monitor and manage those risks including, where appropriate, by setting and requiring adherence to a series of prudent limits, and by adequate and timely reporting processes; (c) risk management systems are operating effectively and are adequate having regard to the risks they are designed to control; and (d) descriptions of risk management systems provided to APRA are accurate and current.

  12. AUDITING STANDARDS AND GUIDANCE ASAE 3000 Assurance Engagements Other Than Audits or Reviews of Historical Financial Information ASAE 3100 Compliance Engagements GS 012 Prudential Reporting Requirements for Auditors of Authorised Deposit Taking Institutions AFIAA Annual Conference 2010 – Internal Controls Relating to Prudential Standards

  13. GS012 prudential reporting requirements for auditors of adi’S Evaluation of Control Framework The appointed auditor needs to evaluate the control framework in the context of an understanding of the: ADI and its environment Risk Management framework Internal Control Framework Compliance Framework

  14. GS012 prudential reporting requirements for auditors of adi’S Evaluation of Control Framework A top down approach is adopted, including the following: Enquiries of key personnel Observation of ADI operations Walk through tests of controls Compliance Framework

  15. GS012 prudential reporting requirements for auditors of adi’S Evaluation of Control Framework Key elements of the process are: Understand ADI’s overall control environment and compliance framework Identify internal compliance functions Review Risk Management Systems Review processes to support CEO’s attestation to APRA over its Risk Management Systems

  16. GS012 prudential reporting requirements for auditors of adi’S Evaluation of APRA Reporting Key elements of the process are identifying: Internal compliance functions designed to oversee the provision of data to APRA Significant processes for preparation of ADI Reporting Forms Key controls over these significant processes designed to ensure reliable data provided to APRA

  17. GS012 prudential reporting requirements for auditors of adi’S Evaluation of Findings Evaluate individually, and in the aggregate, whether uncorrected misstatements are material Misstatements are considered material if the intended user would be influenced by the misstatement

  18. GS012 prudential reporting requirements for auditors of adi’S Evaluation of Findings Key concern – potential impact on the ADI’s capital base and capital adequacy ratio APRA – materiality threshold 25 basis points of Risk Weighted Assets in aggregate Controls – nature of control weaknesses, instances of non-compliance

  19. GS012 prudential reporting requirements for auditors of adi’S Evaluation of Findings The evaluation of the severity of a deficiency in internal control does not depend on whether a misstatement or non-compliance with a Prudential Requirement has actually occurred, but rather the likelihood that the ADI’s controls may fail to prevent or detect a material misstatement or material non-compliance with a Prudential Requirement. (c 163)

  20. INTERNAL CONTROLS – REVIEW PROCEDURES Prudential Requirements Reliable Data to APRA AFIAA Annual Conference 2010 – Internal Controls Relating to Prudential Standards

  21. Internal controls Overview of Approach At a high level, the approach we take is as follows: Audit Planning Evaluation of Risk Management Systems using detailed control checklists Evaluation of process for the completion of APRA Reporting Forms using control checklist Detailed testing of Risk Management Systems and APRA Reporting Evaluation of results and Reporting

  22. Internal controlsPrudential Requirements Board Management Risk Management Framework Policies and Procedures Control Framework Information Systems

  23. Internal controlsReliable Data to APRA Policy and Procedures Staff – Experience/Expertise Information Systems/Shadow Systems Review Board Approval Past Results

  24. Internal controlsCredit Risk Loans Funding Examples of factors to consider in reviewing loans funding: Lending Staff Loan Policy Delegations Valuations Segregation of Duties Compliance Large Exposures

  25. Internal controlsCredit Risk Impairment Examples of factors to consider in reviewing impairment: Loan Arrears Staff Loan Provision Methodology Controls over standing data Segregation of Duties Reporting

  26. QUESTIONS?

More Related